From: Wichert Akkerman (wichert@wiggy.net)
Date: Wed Dec 05 2001 - 05:30:38 CST

    -----BEGIN PGP SIGNED MESSAGE-----

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-088-1 security@debian.org
    http://www.debian.org/security/ Wichert Akkerman
    December 5, 2001
    - ------------------------------------------------------------------------

    Package : fml
    Problem type : improper character escaping
    Debian-specific: no

    The fml (a mailing list package) as distributed in Debian GNU/Linux 2.2
    suffers from a cross-site scripting problem. When generating index
    pages for list archives the `<' and `>' characters were not properly
    escaped for subjects.

    This has been fixed in version 3.0+beta.20000106-5, and we recommend
    that you upgrade your fml package to that version. Upgrading will
    automatically regenerate the index pages.

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------

      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

      Source archives:
        http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106-5.diff.gz
          MD5 checksum: 67b5d072dd0da3846f95db595545ca97
        http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106-5.dsc
          MD5 checksum: 99a9d695a1b45eb7ee865709551da6f2
        http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106.orig.tar.gz
          MD5 checksum: 35ed0841980a7de7d1d31d9f715fb50b

      Architecture independent archives:
        http://security.debian.org/dists/stable/updates/main/binary-all/fml_3.0+beta.20000106-5_all.deb
          MD5 checksum: 022401cdfa939b628a10b6d8109a6c72

      These packages will be moved into the stable distribution on its next
      revision.

    For not yet released architectures please refer to the appropriate
    directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

    - --
    - ----------------------------------------------------------------------------
    apt-get: deb http://security.debian.org/ stable/updates main
    dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv

    iQB1AwUBPA4FPqjZR/ntlUftAQF/agL9H58kHN0UvMRVQLi0UN2DXwOFtM6X2rRW
    7KXuxFQscmcrTJiDyo4RBW7Ar9YWalAIGP1YgeZK4h/BD6Rw0cJpjCCj8vrZxW6M
    U0KYvNXMDpzfXAwpsI1fG35ivURZ8K51
    =8XHz
    -----END PGP SIGNATURE-----
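
The flaw class the advisory describes, as an added example that is not part of the original advisory and is not fml's code: an archive index generator that pastes Subject text into HTML, next to a version that decodes the header and then escapes it. All function names and sample subjects are hypothetical and constructed for illustration; the escaping goes beyond the `<` and `>` named in the advisory by also covering `&` and quotes.

```python
import html
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Constructed sample Subject headers (not taken from any real archive).
SAMPLE_SUBJECTS = [
    "Re: missing #include <stdio.h> in patch",
    "=?utf-8?B?PGI+bm90aWNlPC9iPg==?=",  # RFC 2047 form of "<b>notice</b>"
    'AT&T "quoted" subject',
]


def decode_subject(raw: str) -> str:
    """Decode RFC 2047 encoded-words so escaping sees the real characters."""
    try:
        return str(make_header(decode_header(raw)))
    except (HeaderParseError, UnicodeDecodeError, LookupError):
        return raw  # undecodable header: fall back to the raw text


def index_entry_unescaped(msg_id: int, raw_subject: str) -> str:
    """The flawed pattern: subject text is pasted into the page as markup."""
    return f'<li><a href="{msg_id}.html">{decode_subject(raw_subject)}</a></li>'


def index_entry(msg_id: int, raw_subject: str) -> str:
    """Decode first, then escape &, <, > and quotes for the HTML context."""
    safe = html.escape(decode_subject(raw_subject), quote=True)
    return f'<li><a href="{msg_id}.html">{safe}</a></li>'


def build_index(subjects) -> str:
    """Render a hypothetical archive index with every subject escaped."""
    items = "\n".join(index_entry(i, s) for i, s in enumerate(subjects, 1))
    return f"<ul>\n{items}\n</ul>"


if __name__ == "__main__":
    print(build_index(SAMPLE_SUBJECTS))
```

Escaping after decoding matters: an encoded-word subject contains no literal `<` until it is decoded, so a filter applied to the raw header would pass it through.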
