
Re: phppgadmin multiple XSS (CVE-2011-3598)



On Thu, Jan 05, 2012 at 10:00:43AM +0100, Christoph Berg wrote:
> Re: Moritz Muehlenhoff 2012-01-04 <20120104171956.GA4503@inutil.org>
> > > > Can you also assess whether (old)stable are affected, and if so, provide
> > > > packages? If not (affected or able), do let us know as well.
> > > > 
> > > > In any case, please mention CVE-2011-3598 in your changelogs.
> > > 
> > > https://secunia.com/advisories/46248/ says "prior versions" are
> > > affected, so yes.
> > > 
> > > The relevant diff parts are:
> > 
> > Apparently this fell through the cracks. :-/
> > 
> > The impact of this issue is rather minor. Could you please fix this in 
> > the upcoming 6.0.4 point release for Squeeze?
> > http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
> 
> Hi,
> 
> I'm not sure I still have the squeeze/lenny packages I uploaded to
> security-master. Could you push them to ftp-master?

I don't see any trace of them on security-master, neither in the queue
nor in the morgue. Maybe they got rejected because they weren't built
with "-sa"? Annoyingly dak doesn't send the reject mail to the uploader.

Cheers,
        Moritz

