Debian
gnatsweb package

  1. Bug #191196
  2. Comment #6

Comment 6 for bug 191196

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnatsweb - 4.00-1ubuntu0.7.04

---------------
gnatsweb (4.00-1ubuntu0.7.04) feisty-security; urgency=low

  * SECURITY UPDATE:
   + gnatsweb.pl (LP: #191196)
    - Fixed missing escaping of the database parameter which leads
      to a cross-site scripting vulnerability (XSS) via this
      parameter (CVE-2007-2808).
   + debian/control
    - Switch Maintainer to Ubuntu MOTU Developers
  * References:
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2808
   + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427156

 -- Emanuele Gentili <email address hidden> Fri, 29 Feb 2008 03:40:07 +0100