[Secure-testing-team] Bug#538722: CVE-2009-2265: fckeditor is embedded in etch version
Giuseppe Iuculano
giuseppe at iuculano.it
Sun Jul 26 14:38:40 UTC 2009
Package: knowledgeroot
Version: 0.9.7.3-2
Severity: serious
Tags: security etch
Hi,

the following CVE (Common Vulnerabilities & Exposures) id was
published for fckeditor.

CVE-2009-2265[0]:
| Multiple directory traversal vulnerabilities in FCKeditor before
| 2.6.4.1 allow remote attackers to create executable files in arbitrary
| directories via directory traversal sequences in the input to
| unspecified connector modules, as exploited in the wild for remote
| code execution in July 2009, related to the file browser and the
| editor/filemanager/connectors/ directory.

fckeditor is embedded in knowledgeroot (etch version).

Please coordinate with the security team (team at security.debian.org) to
prepare packages for the oldstable releases.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2265
    http://security-tracker.debian.net/tracker/CVE-2009-2265

Cheers,
Giuseppe.