[Secure-testing-team] Bug#585164: CVE-2010-1916: Security issue in Xinha
Moritz Muehlenhoff
jmm at debian.org
Wed Jun 9 17:04:52 UTC 2010
Package: dotlrn
Severity: grave
Tags: security
Hi,
dotlrn includes a copy of xinha, for which the following security
issue was reported:
http://php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.h+tml
http://xinha.webfactional.com/ticket/1518
Please check if dotlrn's code copy is affected and update the internal
copy.
There's already an ITP for xinha (Bug 479708) and since four packages
currently in the archive use xinha (openacs, Horde, serendipity and
dotlrn) it would be nice if we could migrate to a single package
for Squeeze.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
More information about the Secure-testing-team
mailing list