Changelog

mono (1.2.6+dfsg-6ubuntu3.1) hardy-security; urgency=low

  * SECURITY UPDATE: Multiple cross-site scripting vulnerabilities in
    the ASP.net class libraries (LP: #282952)
    - debian/patches/security_CVE-2008-3422.dpatch: properly encode and
      escape values in mcs/class/System.Web/System.Web.UI.HtmlControls/
      {HtmlControl,HtmlForm,HtmlInputButton,HtmlInputRadioButton,
      HtmlSelect}.cs, and add tests to mcs/class/System.Web/Test/
      System.Web.UI.HtmlControls/{HtmlImageTest,HtmlInputButtonTest,
      HtmlInputRadioButtonTest,HtmlSelectTest}.cs
    - CVE-2008-3422
  * SECURITY UPDATE: CRLF injection vulnerability in Sys.Web (LP: #282952)
    - debian/patches/security_CVE-2008-3906.dpatch: encode headers in
      mcs/class/System.Web/{System.Web/HttpResponseHeader.cs,
      System.Web.Configuration/HttpRuntimeConfig.cs}
    - CVE-2008-3906
  * SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
    authentication bypass (LP: #409920)
    - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
      match XMLDSIG erratum and add stricter checks.
    - CVE-2009-0217

 -- Marc Deslauriers <email address hidden>   Wed, 19 Aug 2009 16:04:59 -0400
