[Pkg-mediawiki-devel] Bug#685323: Non-persistent XSS vulnerability in contrib script
Benny Baumann
BenBE at geshi.org
Sun Aug 19 16:53:28 UTC 2012
Package: php-geshi
Version: 1.0.8.4-1
Severity: serious
Tags: security upstream
GeSHi 1.0.8.11 closes non-persistent XSS vulnerability in a contrib script provided in
the GeSHi distribution. The vulnerability can be triggered by an attacker using a
specially crafted URL when calling a vulnerable version of the script.
Please upgrade the php-geshi package to the latest upstream version which fixes this issue.
Regards,
upstream.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages php-geshi depends on:
ii php5 5.4.4-4
ii php5-cli 5.4.4-4
php-geshi recommends no packages.
php-geshi suggests no packages.
-- no debconf information
More information about the Pkg-mediawiki-devel
mailing list