diff options
author | Martin Schulze <joey> | 2005-12-01 10:31:21 +0000 |
---|---|---|
committer | Martin Schulze <joey> | 2005-12-01 10:31:21 +0000 |
commit | 9b842f1496ba0047cb3fa42a9f4b3603ba8c2487 (patch) | |
tree | 85e489c0ed256bc0ec77d59884ae1cf5ce84c01f | |
parent | 56071471626c777d6c38a8ac7c672d55d3909ce1 (diff) |
[DSA 914-1] New horde2 packages fix cross-site scripting
CVS version numbers
english/security/2005/dsa-914.data: INITIAL -> 1.1
english/security/2005/dsa-914.wml: INITIAL -> 1.1
-rw-r--r-- | english/security/2005/dsa-914.data | 26 | ||||
-rw-r--r-- | english/security/2005/dsa-914.wml | 20 |
2 files changed, 46 insertions, 0 deletions
diff --git a/english/security/2005/dsa-914.data b/english/security/2005/dsa-914.data new file mode 100644 index 00000000000..1a9a296c20c --- /dev/null +++ b/english/security/2005/dsa-914.data @@ -0,0 +1,26 @@ +<define-tag pagetitle>DSA-914-1 horde2</define-tag> +<define-tag report_date>2005-12-1</define-tag> +<define-tag secrefs>CVE-2005-3570 BID15409 Bug#338983</define-tag> +<define-tag packages>horde2</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> + +#use wml::debian::security + +<h3>Debian GNU/Linux 3.1 (sarge)</h3> + +<dl> + +<dt><source /> + + <dd><fileurl http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge1.dsc /> + <dd><fileurl http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge1.diff.gz /> + <dd><fileurl http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8.orig.tar.gz /> + +<dt><arch-indep /> + + <dd><fileurl http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge1_all.deb /> + +</dl> + +<p><md5sums http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00315.html /></p> diff --git a/english/security/2005/dsa-914.wml b/english/security/2005/dsa-914.wml new file mode 100644 index 00000000000..69b50119ad9 --- /dev/null +++ b/english/security/2005/dsa-914.wml @@ -0,0 +1,20 @@ +<define-tag description>missing input sanitising</define-tag> +<define-tag moreinfo> +<p>A vulnerability has been discovered in horde2, a web application +suite, that allows attackers to insert arbitary script code into the +error web page.</p> + +<p>The old stable distribution (woody) does not contain horde2 packages.</p> + +<p>For the stable distribution (sarge) this problem has been fixed in +version 2.2.8-1sarge1.</p> + +<p>For the unstable distribution (sid) this problem has been fixed in +version 2.2.9-1.</p> + +<p>We recommend that you upgrade your horde2 package.</p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2005/dsa-914.data" +# $Id$ |