[gnatsweb] [CVE-2007-2808] cross-site scripting vulnerability
Bug #191196 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnatsweb (Debian) |
Fix Released
|
Unknown
|
|||
gnatsweb (Ubuntu) |
Invalid
|
Low
|
Kees Cook | ||
Dapper |
Fix Released
|
Low
|
Emanuele Gentili | ||
Edgy |
Fix Released
|
Low
|
Emanuele Gentili | ||
Feisty |
Fix Released
|
Low
|
Emanuele Gentili |
Bug Description
Binary package hint: gnatsweb
References:
DSA-1486-1 (http://
Quoting:
"'r0t' discovered that gnatsweb, a web interface to GNU GNATS, did not
correctly sanitize the database parameter in the main CGI script. This
could allow the injection of arbitrary HTML, or javascript code."
CVE References
Changed in gnatsweb: | |
status: | Unknown → Fix Released |
Changed in gnatsweb: | |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
same version (4.00-1) in edgy, but patch attached.