Alerta de Segurança Debian
DSA-088-1 fml -- improper character escaping
- Data do Alerta:
- 05 Dez 2001
- Pacotes Afetados:
- fml
- Vulnerável:
- Sim
- Referência à base de dados de segurança:
- Na base de dados do BugTraq (na SecurityFocus): ID BugTraq 3623.
- Informações adicionais:
-
The fml (a mailing list package) as distributed in Debian GNU/Linux 2.2
suffers from a cross-site scripting problem. When generating index
pages for list archives the `<' and `>' characters were not properly
escaped for subjects.
This has been fixed in version 3.0+beta.20000106-5, and we recommend that you upgrade your fml package to that version. Upgrading will automatically regenerate the index pages.
- Corrigido em:
-
Debian GNU/Linux 2.2 (potato)
- Fonte:
- http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106-5.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106-5.dsc
- http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106-5.dsc
- Componente independente de arquitetura:
- http://security.debian.org/dists/stable/updates/main/binary-all/fml_3.0+beta.20000106-5_all.deb
Checksums MD5 dos arquivos listados estão disponíveis no alerta original.