Debian Security Advisory
DSA-2263-2 movabletype-opensource -- several vulnerabilities
- Date Reported:
- 16 Jun 2011
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 627936.
- More information:
It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities:
A remote attacker could execute arbitrary code in a logged-in users' web browser.
A remote attacker could read or modify the contents in the system under certain circumstances.
For the oldstable distribution (lenny), these problems have been fixed in version 4.2.3-1+lenny3.
For the stable distribution (squeeze), these problems have been fixed in version 4.3.5+dfsg-2+squeeze2.
For the testing distribution (wheezy) and for the unstable distribution (sid), these problems have been fixed in version 220.127.116.11+dfsg-1.
We recommend that you upgrade your movabletype-opensource packages.