[Sync request] Sync gnatsweb (4.00-1.1) from Debian unstable (main)
Bug #150687 reported by
Michael Bienia
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnatsweb (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: gnatsweb
Please sync gnatsweb (4.00-1.1) from Debian unstable (main).
The current package has no Ubuntu changes.
The new package builds cleanly in a gutsy pbuilder.
Thanks.
Changelog:
gnatsweb (4.00-1.1) unstable; urgency=high
* Non-maintainer upload by testing security team.
* Fixed missing escaping of the database parameter which leads
to a cross-site scripting vulnerability (XSS) via this
parameter (CVE-2007-2808) (Closes: # 427156).
-- Nico Golde <email address hidden> Sat, 06 Oct 2007 15:03:47 +0200
CVE References
Changed in gnatsweb: | |
status: | New → Confirmed |
To post a comment you must log in.
- <gnatsweb_ 4.00-1. 1.dsc: downloading from http:// ftp.debian. org/debian/> 4.00-1. 1.diff. gz: downloading from http:// ftp.debian. org/debian/> 4.00.orig. tar.gz: already in distro - downloading from librarian>
- <gnatsweb_
- <gnatsweb_