Security Information / 2011 / Security Information -- DSA-2263-2 movabletype-opensource

Debian Security Advisory

DSA-2263-2 movabletype-opensource -- several vulnerabilities

Date Reported:

16 Jun 2011

Affected Packages:

movabletype-opensource

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 627936.

More information:

It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities:

A remote attacker could execute arbitrary code in a logged-in users' web browser.

A remote attacker could read or modify the contents in the system under certain circumstances.

For the oldstable distribution (lenny), these problems have been fixed in version 4.2.3-1+lenny3.

For the stable distribution (squeeze), these problems have been fixed in version 4.3.5+dfsg-2+squeeze2.

For the testing distribution (wheezy) and for the unstable distribution (sid), these problems have been fixed in version 4.3.6.1+dfsg-1.

We recommend that you upgrade your movabletype-opensource packages.