[Secure-testing-team] Bug#585163: CVE-2010-1916: security issue in Xinha
Moritz Muehlenhoff
jmm at debian.org
Wed Jun 9 17:03:31 UTC 2010
Package: openacs
Severity: grave
Tags: security
Hi,
openacs includes a copy of xinha, for which the following security
issue was reported:
http://php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.h+tml
http://xinha.webfactional.com/ticket/1518
Please check if openacs's code copy is affected and update the internal
copy in necessary.
There's already an ITP for xinha (Bug 479708) and since four packages
currently in the archive use xinha (openacs, Horde, serendipity and
dotlrn) it would be nice if we could migrate to a single package
for Squeeze.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
More information about the Secure-testing-team
mailing list