Package: mono Severity: normal Tags: security CVE: CAN-2005-0509 Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
http://marc.theaimsgroup.com/?l=bugtraq&m=110867912714913&w=2 I'm filing this bug on the assumption that this security issue affects Debian's mono packages. I do not myself use mono (or .net), so I could be wrong. If this bug is fixed by a mono upload, please refer to CAN-2005-0509 in the changelog. -- see shy jo
signature.asc
Description: Digital signature
