Ubuntu
gnatsweb package

[Sync request] Sync gnatsweb (4.00-1.1) from Debian unstable (main)

Bug #150687 reported by Michael Bienia on 2007-10-08

Affects		Status	Importance	Assigned to	Milestone
	gnatsweb (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: gnatsweb

Please sync gnatsweb (4.00-1.1) from Debian unstable (main).

The current package has no Ubuntu changes.
The new package builds cleanly in a gutsy pbuilder.

Thanks.

Changelog:

gnatsweb (4.00-1.1) unstable; urgency=high

  * Non-maintainer upload by testing security team.
  * Fixed missing escaping of the database parameter which leads
    to a cross-site scripting vulnerability (XSS) via this
    parameter (CVE-2007-2808) (Closes: # 427156).

-- Nico Golde <email address hidden> Sat, 06 Oct 2007 15:03:47 +0200

CVE References

2007-2808

Michael Bienia (geser) on 2007-10-08

Changed in gnatsweb:
status:	New → Confirmed

Revision history for this message

Jonathan Riddell (jr) wrote on 2007-10-09:

  - <gnatsweb_4.00-1.1.dsc: downloading from http://ftp.debian.org/debian/>
  - <gnatsweb_4.00-1.1.diff.gz: downloading from http://ftp.debian.org/debian/>
  - <gnatsweb_4.00.orig.tar.gz: already in distro - downloading from librarian>

Changed in gnatsweb:
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntugnatsweb package