[CVE-2008-1468] XSS vulnerability via UTF-7 encoded input

Bug #212196 reported by William Grant
Affects            Status        Importance  Assigned to  Milestone
namazu2 (Debian)   Fix Released  Unknown
namazu2 (Ubuntu)   Fix Released  Undecided   Unassigned
  Dapper           Won't Fix     Undecided   Unassigned
  Edgy             Invalid       Undecided   Unassigned
  Feisty           Won't Fix     Undecided   Unassigned
  Gutsy            Won't Fix     Undecided   Unassigned
  Hardy            Won't Fix     Undecided   Unassigned

Bug Description

Binary package hint: namazu2

"Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information."

Tags: edgy-close

CVE References

William Grant (wgrant)
Changed in namazu2:
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
Changed in namazu2:
status: Unknown → Fix Released
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Edgy Eft 6.10 has reached its end of life. As a result, we are closing the Edgy Eft task. However, please note that this report will remain open against the actively developed release. Thank you for your continued support and help as we debug this issue.

Changed in namazu2:
status: Confirmed → Invalid
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so an SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in namazu2:
status: Confirmed → Won't Fix
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in namazu2 (Ubuntu Gutsy):
status: Confirmed → Won't Fix
Scott Howard (showard314) wrote :

Fixed in karmic:

namazu2 (2.0.18-0.1) unstable; urgency=high

  * Non-maintainer upload to fix a security issue and pending l10n issues.
  * New upstream release. Fixes CVE-2008-1468
    (allows remote attackers to inject arbitrary web script or HTML via
     UTF-7 encoded input). Closes: #472644
  * Fix the package description wrt availability of chasen
    Closes: #152873
  * Fix packages' synopsis. Closes: #173006, #245404
  * Debconf translations:
    - Dutch. Closes: #415497
    - Portuguese. Closes: #416825
    - Finnish. Closes: #472914
    - Galician. Closes: #475591
    - Basque. Closes: #475608
    - Russian. Closes: #476443
  * [Lintian] Move libnmz7-dev to section "libdevel"
  * [Lintian] Remove cruft from dh-make: debian/ex.doc-base.package
  * [Lintian] No longer ignore errors from "make distclean"
  * [Lintian] Set debhelper compatibility level in debian/compat
  * [Lintian] Don't use $(PWD) in debian/rules, nor the "CWD=$(shell pwd)"
    trick previously used. Use $(CURDIR) instead.
  * [Lintian] List "tk8.3" as first alternative before wish virtual package
  * Replace "debconf | debconf2.0" by "${misc:Depends}" in dependencies

 -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 02 May 2008 02:19:59 +0100

Changed in namazu2 (Ubuntu):
status: Confirmed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in namazu2 (Ubuntu Dapper):
status: Confirmed → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug and helping to make Ubuntu better. The package referred to in this bug is in universe or multiverse and reported against a release of Ubuntu (hardy) which no longer receives updates outside of the explicitly supported LTS packages. While the bug against hardy is being marked "Won't Fix" for now, if you are interested feel free to post a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Please feel free to report any other bugs you may find.

Changed in namazu2 (Ubuntu Hardy):
status: Confirmed → Won't Fix