[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA-2158-1] cgiirc security update

On Wed, Feb 09, 2011 at 09:32:48PM +0000, Steve Kemp wrote:
> Package        : cgiirc
> Vulnerability  : cross-site scripting
> Problem type   : local
> Debian-specific: no
> CVE ID         : CVE-2011-0050
> Michael Brooks (Sitewatch) discovered a reflective XSS flaw in
> cgiirc, a web based IRC client, which could lead to the execution
> of arbitrary javascript.
> For the old-stable distribution (lenny), this problem has been fixed in
> version 0.5.9-3lenny1.
> For the stable distribution (squeeze), and unstable distribution (sid),
> this problem will be fixed shortly.

No sign of this yet on security.debian.org for lenny, but 


says that 0.5.9-3lenny1 is in stable-sec (which is of course squeeze-sec
now), so it looks like this package went to the wrong distribution
(although as both lenny and squeeze had 0.5.9-3 previously this may
not be a disaster).


Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Reply to: