
Re: [SECURITY] [DSA-2158-1] cgiirc security update



Hi,

Steve Kemp wrote:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-2158-1                  security@debian.org
> http://www.debian.org/security/                               Steve Kemp
> February 9, 2011                      http://www.debian.org/security/faq
> ------------------------------------------------------------------------
> 
> Package        : cgiirc
> Vulnerability  : cross-site scripting
> Problem type   : local
> Debian-specific: no
> CVE ID         : CVE-2011-0050
> 
> Michael Brooks (Sitewatch) discovered a reflective XSS flaw in
> cgiirc, a web based IRC client, which could lead to the execution
> of arbitrary javascript.
> 
> For the old-stable distribution (lenny), this problem has been fixed in
> version 0.5.9-3lenny1.

This package does not yet show up in Lenny. According to
http://packages.debian.org/search?keywords=cgiirc 0.5.9-3lenny1 has
been uploaded to squeeze's security repo only.

Can you please upload it to Lenny, too?

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5

