[SECURITY] [DLA 167-1] redcloth security update



Package        : redcloth
Version        : 4.2.2-1.1+deb6u1
CVE ID         : CVE-2012-6684
Debian Bug     : 774748

Kousuke Ebihara discovered that redcloth, a Ruby module used to
convert Textile markup to HTML, did not properly sanitize its
input. This allowed a remote attacker to perform a cross-site
scripting attack by injecting arbitrary JavaScript code into the
generated HTML.