
[SECURITY] [DLA 298-1] roundup security update




Package        : roundup
Version        : 1.4.15-3+deb6u1
CVE ID         : CVE-2012-6130 CVE-2012-6131 CVE-2012-6132 CVE-2012-6133

   * CVE-2012-6130
     Cross-site scripting (XSS) vulnerability in the history
     display in Roundup before 1.4.20 allows remote attackers
     to inject arbitrary web script or HTML via a username,
     related to generating a link.
   * CVE-2012-6131
     Cross-site scripting (XSS) vulnerability in cgi/client.py
     in Roundup before 1.4.20 allows remote attackers to inject
     arbitrary web script or HTML via the @action parameter to
     support/issue1.
   * CVE-2012-6132
     Cross-site scripting (XSS) vulnerability in Roundup before
     1.4.20 allows remote attackers to inject arbitrary web
     script or HTML via the otk parameter.
   * CVE-2012-6133
     XSS flaws in ok and error messages.
     We solve this differently from the proposals in the bug report
     by not allowing *any* HTML tags in ok/error messages anymore.
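
The approach described for CVE-2012-6133, treating ok/error messages as plain text so that no tag survives rendering, sketched as an added example; it is not Roundup's code or the Debian patch. The parameter names, CSS classes, sample URL and sample message are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical query parameters and CSS classes (assumptions, not from the advisory).
MESSAGE_PARAMS = {"ok_message": "ok-message", "error_message": "error-message"}

def render_messages(url):
    """Render ok/error messages from the query string as plain text only."""
    query = parse_qs(urlsplit(url).query)
    banners = []
    for param, css_class in MESSAGE_PARAMS.items():
        for raw in query.get(param, []):
            # Escape &, <, >, " and ' so nothing the client sent is parsed as markup.
            banners.append('<p class="%s">%s</p>' % (css_class, html.escape(raw, quote=True)))
    return banners

class _Audit(HTMLParser):
    """Collects the tags and text an HTML parser sees in a rendered banner."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))
    def handle_data(self, data):
        self.text.append(data)

def audit(banner):
    """Return (start tags, visible text) found when the banner is parsed as HTML."""
    parser = _Audit()
    parser.feed(banner)
    parser.close()
    return parser.tags, "".join(parser.text)

# Constructed sample: a message that tries to carry its own markup.
SAMPLE_ERROR = '<b>Edit failed</b>: see <a href="http://example.invalid/">help</a>'
SAMPLE_URL = "/issue1?" + urlencode({"ok_message": "Issue saved", "error_message": SAMPLE_ERROR})

if __name__ == "__main__":
    for banner in render_messages(SAMPLE_URL):
        tags, text = audit(banner)
        # Only the <p> wrapper emitted by render_messages may appear as a tag.
        print(tags, repr(text))
```

The `audit` helper works as a regression check: after rendering, the only tag an HTML parser finds is the wrapper the server emitted, and the user sees the message text literally, markup characters included.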


