drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung von CGI-Variablen in mailman
| Name: |
Unsichere Verwendung von CGI-Variablen in mailman
|
|
| ID: |
DSA-094-1 |
|
| Distribution: |
Debian |
|
| Plattformen: |
Debian potato |
|
| Datum: |
Mo, 17. Dezember 2001, 12:00 |
|
| Referenzen: |
Keine Angabe |
|
| Applikationen: |
MailMan |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
------------------------------------------------------------------------
Debian Security Advisory DSA-094-1 security@debian.org
http://www.debian.org/security/ Wichert Akkerman
December 16, 2001
------------------------------------------------------------------------
Package : mailman
Problem type : cross-site scripting hole
Debian-specific: no
Barry A. Warsaw reported several cross-site scripting security holes
in Mailman, due to non-existent escaping of CGI variables.
These have been fixed upstream in version 2.0.8, and the relevant
patches have been backported to version 1.1-10 in Debian.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
mailman_1.1-10.diff.gz
MD5 checksum: a9ae9e389e13622a9dd8a70a6a57f2b7
mailman_1.1-10.dsc
MD5 checksum: 8c77bc3c07be39e8ced4d85882eedf21
mailman_1.1.orig.tar.gz
MD5 checksum: 42d499f4e1de6959c50b20a4eb0f432a
Alpha architecture:
mailman_1.1-10_alpha.deb
MD5 checksum: 67f8c3c723ec8797117d1fed29f41369
ARM architecture:
mailman_1.1-10_arm.deb
MD5 checksum: 80d1fbee3ae7bab5e73ce860b4d8da87
Intel IA-32 architecture:
mailman_1.1-10_i386.deb
MD5 checksum: 27c9d400360a99b39954f563f5d0ed43
Motorola 680x0 architecture:
mailman_1.1-10_m68k.deb
MD5 checksum: 2a62ce782f5510f24458050e4c3331d9
PowerPC architecture:
mailman_1.1-10_powerpc.deb
MD5 checksum: 9239fc74b76ec983b3009a194dc4ce2c
Sun Sparc architecture:
mailman_1.1-10_sparc.deb
MD5 checksum: ad498878cdc9901e92e4b775e023f610
These packages will be moved into the stable distribution on its next
revision.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
--
----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBPBv8AajZR/ntlUftAQGIBgMAqrY9ILYTVBAZh4prGb7/Tk40/A1hAWG4
E5K6NzanvsDbbhQwPafOumUazCVnJa+GSwA/ydhektBXdwR4bv6DIfpOS7nJ4o/R
Po2pptcNrd/r7XaDDxHWraxk6llTznoI
=o1Zc
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
|
|
|
|
