[Secure-testing-team] Bug#500873: blosxom: XSS problem in the error flavour
Gerfried Fuchs
rhonda at debian.at
Thu Oct 2 08:43:00 UTC 2008
Package: blosxom
Version: 2.1.1-1
Severity: critical
Tags: security
Hi!
Yoshinori Ohta of Business Architects Inc. found a XSS issue in blosxom
related to handling of unknown flavour types. The fix is now commited to
upstream CVS:
<http://blosxom.cvs.sourceforge.net/viewvc/blosxom/blosxom2/blosxom.cgi?r1=1.83&r2=1.84>
The upstream version is expected to get released today, the issue has
been granted the CVE id CVE-2008-2236.
So long,
Rhonda
More information about the Secure-testing-team
mailing list