Debian Security Advisory
DSA-2512-1 mono -- missing input sanitising
- Date Reported:
- 12 Jul 2012
- Affected Packages:
- mono
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-3382.
- More information:
-
Marcus Meissner discovered that the web server included in Mono performed insufficient sanitising of requests, resulting in cross-site scripting.
For the stable distribution (squeeze), this problem has been fixed in version 2.6.7-5.1.
For the unstable distribution (sid), this problem has been fixed in version 2.10.8.1-5.
We recommend that you upgrade your mono packages.