Re: phppgadmin multiple XSS (CVE-2011-3598)
On Thu, Jan 05, 2012 at 10:00:43AM +0100, Christoph Berg wrote:
> Re: Moritz Muehlenhoff 2012-01-04 <20120104171956.GA4503@inutil.org>
> > > > Can you also assess whether (old)stable are affected, and if so, provide
> > > > packages? If not (affected or able), do let us know as well.
> > > >
> > > > In any case, please mention CVE-2011-3598 in your changelogs.
> > >
> > > https://secunia.com/advisories/46248/ says "prior versions" are
> > > affected, so yes.
> > >
> > > The relevant diff parts are:
> >
> > Apparently this fell through the cracks. :-/
> >
> > The impact of this issue is rather minor. Could you please fix this in
> > the upcoming 6.0.4 point release for Squeeze?
> > http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
>
> Hi,
>
> I'm not sure I still have the squeeze/lenny packages I uploaded to
> security-master. Could you push them to ftp-master?
I don't see any trace of them on security-master, neither in the queue
nor in the morgue. Maybe they got rejected because they weren't built
with "-sa"? Annoyingly dak doesn't send the reject mail to the uploader.
Cheers,
Moritz