
[SECURITY] [DLA 1512-1] sympa security update



Package        : sympa
Version        : 6.1.23~dfsg-2+deb8u3
CVE ID         : CVE-2018-1000671
Debian Bug     : 908165


An open redirect vulnerability has been discovered in sympa. The
"referer" parameter of the wwsympa.fcgi login action can result in
open redirection and potential cross-site scripting via data URIs.
This attack appears to be exploitable when a victim's browser opens a
crafted URL supplied by the attacker.

For Debian 8 "Jessie", this problem has been fixed in version
6.1.23~dfsg-2+deb8u3.

We recommend that you upgrade your sympa packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
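
An added example, not Sympa's code or the Debian patch: one way a login handler can validate a post-login redirect target such as the "referer" parameter described above, so that off-site URLs and data: URIs fall back to a local page. The host name, fallback path and function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example (constructed values, not from the advisory).
ALLOWED_HOSTS = {"lists.example.org"}   # the site's own host name(s)
DEFAULT_TARGET = "/"                    # where to send the user if the target is rejected


def safe_redirect_target(candidate, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return `candidate` only if it keeps the browser on this site, else `default`."""
    if not candidate:
        return default
    # Whitespace and control characters are never valid unencoded in a URL, and
    # browsers treat "\" like "/", so "/\host" can become a scheme-relative URL.
    if "\\" in candidate or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in candidate):
        return default
    try:
        parts = urlsplit(candidate)
    except ValueError:                  # e.g. malformed IPv6 literal
        return default
    if parts.scheme:
        # Absolute URL: only http(s) to our own host. This rejects data:,
        # javascript: and any other scheme outright.
        if parts.scheme not in ("http", "https"):
            return default
        if (parts.hostname or "").lower() not in allowed_hosts:
            return default
        return candidate
    # No scheme: accept only a local absolute path, never "//other-host/...".
    if parts.netloc or not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs covering the cases named in the advisory.
    samples = [
        "/sympa/info/mylist",
        "https://lists.example.org/sympa/home",
        "https://other.example/login",
        "//other.example/",
        "data:text/html;base64,PGI+eDwvYj4=",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s)!r}")
```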