Re: [SECURITY] [DSA-2158-1] cgiirc security update
Hi,
Steve Kemp wrote:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-2158-1 security@debian.org
> http://www.debian.org/security/ Steve Kemp
> February 9, 2011 http://www.debian.org/security/faq
> ------------------------------------------------------------------------
>
> Package : cgiirc
> Vulnerability : cross-site scripting
> Problem type : local
> Debian-specific: no
> CVE ID : CVE-2011-0050
>
> Michael Brooks (Sitewatch) discovered a reflective XSS flaw in
> cgiirc, a web based IRC client, which could lead to the execution
> of arbitrary javascript.
>
> For the old-stable distribution (lenny), this problem has been fixed in
> version 0.5.9-3lenny1.
This package does not yet show up in Lenny. According to
http://packages.debian.org/search?keywords=cgiirc 0.5.9-3lenny1 has
been uploaded to squeeze's security repo only.
Can you please upload it to Lenny, too?
Regards, Axel
--
,''`. | Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
`- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
Reply to: