drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung von CGI-Variablen in mailman
Name: |
Unsichere Verwendung von CGI-Variablen in mailman
|
|
ID: |
DSA-094-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian potato |
|
Datum: |
Mo, 17. Dezember 2001, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
MailMan |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
------------------------------------------------------------------------ Debian Security Advisory DSA-094-1 security@debian.org http://www.debian.org/security/ Wichert Akkerman December 16, 2001 ------------------------------------------------------------------------
Package : mailman Problem type : cross-site scripting hole Debian-specific: no
Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables.
These have been fixed upstream in version 2.0.8, and the relevant patches have been backported to version 1.1-10 in Debian.
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
Debian GNU/Linux 2.2 alias potato ---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives: mailman_1.1-10.diff.gz MD5 checksum: a9ae9e389e13622a9dd8a70a6a57f2b7 mailman_1.1-10.dsc MD5 checksum: 8c77bc3c07be39e8ced4d85882eedf21 mailman_1.1.orig.tar.gz MD5 checksum: 42d499f4e1de6959c50b20a4eb0f432a
Alpha architecture: mailman_1.1-10_alpha.deb MD5 checksum: 67f8c3c723ec8797117d1fed29f41369
ARM architecture: mailman_1.1-10_arm.deb MD5 checksum: 80d1fbee3ae7bab5e73ce860b4d8da87
Intel IA-32 architecture: mailman_1.1-10_i386.deb MD5 checksum: 27c9d400360a99b39954f563f5d0ed43
Motorola 680x0 architecture: mailman_1.1-10_m68k.deb MD5 checksum: 2a62ce782f5510f24458050e4c3331d9
PowerPC architecture: mailman_1.1-10_powerpc.deb MD5 checksum: 9239fc74b76ec983b3009a194dc4ce2c
Sun Sparc architecture: mailman_1.1-10_sparc.deb MD5 checksum: ad498878cdc9901e92e4b775e023f610
These packages will be moved into the stable distribution on its next revision.
For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
-- ---------------------------------------------------------------------------- apt-get: deb http://security.debian.org/ stable/updates main dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv
iQB1AwUBPBv8AajZR/ntlUftAQGIBgMAqrY9ILYTVBAZh4prGb7/Tk40/A1hAWG4 E5K6NzanvsDbbhQwPafOumUazCVnJa+GSwA/ydhektBXdwR4bv6DIfpOS7nJ4o/R Po2pptcNrd/r7XaDDxHWraxk6llTznoI =o1Zc -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|