[SECURITY] [DSA 2263-2] movabletype-opensource security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 2263-2] movabletype-opensource security update
From: Thijs Kinkhorst <thijs@debian.org>
Date: Fri, 30 Dec 2011 08:52:23 +0100 (CET)
Message-id: <[🔎] 20111230075223.05D6859DF0@kinkhorst.com>
Reply-to: debian-security@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2263-2                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
December 30, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : movabletype-opensource
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : not yet available
Debian Bug     : 627936

Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny'
suite at that time. This update adds that package. The original advisory
text follows.

It was discovered that Movable Type, a weblog publishing system,
contains several security vulnerabilities:

A remote attacker could execute arbitrary code in a logged-in users'
web browser.

A remote attacker could read or modify the contents in the system
under certain circumstances.

For the oldstable distribution (lenny), these problems have been fixed in
version 4.2.3-1+lenny3.

For the stable distribution (squeeze), these problems have been fixed in
version 4.3.5+dfsg-2+squeeze2.

For the testing distribution (wheezy) and for the unstable
distribution (sid), these problems have been fixed in version
4.3.6.1+dfsg-1.

We recommend that you upgrade your movabletype-opensource packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJO/W15AAoJEOxfUAG2iX579YAH/iHvmSvkzHQj5mrg48eEw8XI
RCWvrYvCmnvPSJWia0c0p66KuncfABjWO3vN2MQR231TYlFH1UXGhwDQ6pyIxM9S
jjvxmpoJD3DJm9VDlviSJfUulz9f47xyNbOMnB1griTlueOotYZR98B3MnbYzaB/
hemCTK7eC5tHgUj2LK3iVClmmL+OL9ykhFT7gYwJ+k4SX7zh82jrvghzktFoM9RV
nbsVx6uqI341SVIuM/hbDuIHhWnobSPZyEcGEXoU1YcojezwLz/HMyEm929OsWTl
t0SurJvEEGvSQwiIO1cp0/S9txZZtuZQrLFpnFBdnC5YFihdM8TQN2sIZ0y3izA=
=E15M
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 2376-1] ipmitool security update
Next by Date: [SECURITY] [DSA 2376-2] ipmitool security update
Previous by thread: [SECURITY] [DSA 2376-1] ipmitool security update
Next by thread: [SECURITY] [DSA 2376-2] ipmitool security update
Index(es):
- Date
- Thread