Ubuntu
namazu2 package

Cross-site scripting vulnerability in namazu2 - old lucid version

Bug #890198 reported by Xela on 2011-11-14

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	namazu2 (Ubuntu)	Fix Released	Undecided	Unassigned
	Lucid	Won't Fix	Medium	Unassigned
	Maverick	Won't Fix	Medium	Unassigned
	Natty	Won't Fix	Medium	Unassigned
	Oneiric	Fix Released	Undecided	Unassigned
	Precise	Fix Released	Undecided	Unassigned

Bug Description

Lucid still has namazu2 version 2.0.20 which is vulnerable to cross-site scripting.
More info here: http://www.namazu.org/security.html#cross-site-scripting

Is there any chance, lucid will get a namazu2 update to 2.0.21?
(oneiric and precise already have it)

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2011-11-18:

#1

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Jamie Strandboge (jdstrand) on 2011-11-18

visibility:	private → public
visibility:	private → public
Changed in namazu2 (Ubuntu):
status:	New → Triaged
status:	Triaged → Confirmed

Revision history for this message

NOKUBI Takatsugu (nokubi) wrote on 2011-11-22:

#2

The following is the security patch for namazu 2.0.20.

http://cvs.namazu.org/namazu/nmz/codeconv.c?r1=1.29.8.8&r2=1.29.8.9&pathrev=stable-2-0&view=patch

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2011-11-22:

#3

Thanks for giving the patch reference. Because this package is in universe and community maintained, in order for it to be included in Ubuntu, a patch must be prepared against the Ubuntu packages. Please see https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue#Notes_for_Contributors for details.

Unsubscribing ubuntu-security-sponsors. Please feel free to resubscribe after submitting any debdiffs.

Changed in namazu2 (Ubuntu Precise):
status:	Confirmed → Fix Released
Changed in namazu2 (Ubuntu Oneiric):
status:	New → Fix Released
Changed in namazu2 (Ubuntu Lucid):
status:	New → Triaged
importance:	Undecided → Medium
Changed in namazu2 (Ubuntu Maverick):
status:	New → Triaged
importance:	Undecided → Medium
Changed in namazu2 (Ubuntu Natty):
status:	New → Triaged
importance:	Undecided → Medium

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-04-13:

#4

Thank you for reporting this bug to Ubuntu. maverick has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against maverick is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in namazu2 (Ubuntu Maverick):
status:	Triaged → Won't Fix

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-11-02:

#5

Thank you for reporting this bug to Ubuntu. natty has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against natty is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in namazu2 (Ubuntu Natty):
status:	Triaged → Won't Fix

Revision history for this message

Rolf Leggewie (r0lf) wrote on 2015-06-17:

#6

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in namazu2 (Ubuntu Lucid):
status:	Triaged → Won't Fix

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.