[Bug 150687] [Sync request] Sync gnatsweb (4.00-1.1) from Debian unstable (main)
Michael Bienia
michael at vorlon.ping.de
Mon Oct 8 20:35:01 BST 2007
Public bug reported:
Binary package hint: gnatsweb
Please sync gnatsweb (4.00-1.1) from Debian unstable (main).
The current package has no Ubuntu changes.
The new package builds cleanly in a gutsy pbuilder.
Thanks.
Changelog:
gnatsweb (4.00-1.1) unstable; urgency=high
* Non-maintainer upload by testing security team.
* Fixed missing escaping of the database parameter which leads
to a cross-site scripting vulnerability (XSS) via this
parameter (CVE-2007-2808) (Closes: # 427156).
-- Nico Golde <nion at debian.org> Sat, 06 Oct 2007 15:03:47 +0200
** Affects: gnatsweb (Ubuntu)
Importance: Undecided
Status: Confirmed
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-2808
** Changed in: gnatsweb (Ubuntu)
Status: New => Confirmed
--
[Sync request] Sync gnatsweb (4.00-1.1) from Debian unstable (main)
https://bugs.launchpad.net/bugs/150687
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list