[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[BSA-062] Security Update for fex

Kilian Krause uploaded new packages for fex which fixed the
following security problems:

CVE-2012-0869, CVE-2012-1293 (see also DSA 2414-1 and 2412-2)

Nicola Fioravanti discovered that F*EX, a web service for transferring
very large files, is not properly sanitizing input parameters of the "fup"
script.  An attacker can use this flaw to conduct reflected cross-site
scripting attacks via various script parameters.

For the squeeze-backports distribution the problems have been fixed in
version 20120215-3~bpo60+1.

The Debian stable and unstable distribution are already fixed, testing (wheezy)
will receive this update in the next days.

We recommend that you upgrade your fex packages.

Best regards,

Attachment: signature.asc
Description: Digital signature

Reply to: