[Bug 613758] [NEW] Sync lxr-cvs 0.9.5+cvs20071020-1.1 (universe) from Debian unstable (main)
Michael Bienia
michael at bienia.de
Thu Aug 5 09:09:19 BST 2010
Public bug reported:
Please sync lxr-cvs 0.9.5+cvs20071020-1.1 (universe) from Debian
unstable (main)
Changelog entries since current maverick version 0.9.5+cvs20071020-1:
lxr-cvs (0.9.5+cvs20071020-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Backported upstream security fixes from current release (Closes: #584671).
* This update addresses the following security issues:
- CVE-2010-1448: reflected XSS via title tag on search page (Closes: #588036).
- CVE-2010-1625: reflected XSS in search results page (Closes: #588137).
- CVE-2009-4497: XSS via the i parameter of the ident script (Closes: #575745).
-- Nico Golde <nion at debian.org> Sat, 31 Jul 2010 15:57:41 +0200
** Affects: lxr-cvs (Ubuntu)
Importance: Wishlist
Status: Confirmed
** Changed in: lxr-cvs (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: lxr-cvs (Ubuntu)
Status: New => Confirmed
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-1448
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-1625
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-4497
--
Sync lxr-cvs 0.9.5+cvs20071020-1.1 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/613758
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list