Source: cherokee Version: 1.2.101-1 Severity: serious Tags: security References: CVE-2011-2191 https://bugs.launchpad.net/ubuntu/+source/cherokee/+bug/784632 https://bugzilla.redhat.com/show_bug.cgi?id=713304
Please verify whether the issue is still present in the package. A quick look at admin/PageVServers.py suggests that this is the case, because the Commit function stores new_nick without any validation. Even though the value is escaped on some accesses admin/PageStatus.py Render_Content does not perform escaping. Helmut _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
