[phpgedview] [CVE-2007-5051] cross site scripting vulnerability due to insufficient input sanitising
Bug #227288 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
phpgedview (Debian) |
Fix Released
|
Unknown
|
|||
phpgedview (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Hardy |
Won't Fix
|
Undecided
|
Unassigned | ||
Intrepid |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: phpgedview
References:
DSA-1559-1 (http://
Quoting:
"It was discovered that phpGedView, an application to provide online access
to genealogical data, performed insufficient input sanitising on some
parameters, making it vulnerable to cross site scripting."
CVE References
Changed in phpgedview: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Looks like we should remove this - debian already has.
[Date: Thu, 22 May 2008 19:32:29 +0000] [ftpmaster: Thomas Viehmann]
Removed the following packages from unstable:
phpgedview | 4.1.e+4.1.5-1 | source, all languages | 4.1.e+4.1.5-1 | all
phpgedview-
phpgedview-places | 4.1.e+4.1.5-1 | all
phpgedview-themes | 4.1.e+4.1.5-1 | all
Closed bugs: 458087
------------------- Reason ------------------- ------- ------- ------- ------- ------- ----
RoM: unmaintained, no adoptor
-------