Package: gwt
Version: 1.6.4-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were published for gwt. These may have been fixed upstream in the past since these were issued a while ago, but since this is the initial upload of the package, this needs to be checked. Please feel free to close the bug if the problems have already been appropriately addressed.

CVE-2007-2378[0]:
| The Google Web Toolkit (GWT) framework exchanges data using JavaScript
| Object Notation (JSON) without an associated protection scheme, which
| allows remote attackers to obtain the data via a web page that
| retrieves the data through a URL in the SRC attribute of a SCRIPT
| element and captures the data using other JavaScript code, aka
| "JavaScript Hijacking."

CVE-2007-6542[1]:
| PHP remote file inclusion vulnerability in admin/frontpage_right.php
| in Arcadem LE 2.04 and earlier allows remote attackers to execute
| arbitrary PHP code via a URL in the loadadminpage parameter.

If you fix the vulnerabilities please also make sure to include the CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2378
    http://security-tracker.debian.org/tracker/CVE-2007-2378
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6542
    http://security-tracker.debian.org/tracker/CVE-2007-6542
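
The "protection scheme" that CVE-2007-2378 says is missing, sketched from the defending side as an added example that is not part of the original report and is not GWT code: a guard prefix makes the response a syntax error when loaded through a SCRIPT element, while a same-origin client strips it before parsing. The names `GUARD`, `protectJson`, `parseProtected` and `parsesAsScript`, and the sample record, are assumptions made for illustration.

```javascript
// Added example (not GWT code). GUARD is an assumed prefix choice: any text
// that is a JavaScript syntax error works, because a response fetched via
// <script src> is only useful to another page if it parses as a script.
const GUARD = ")]}',\n";

// Constructed sample data standing in for a sensitive JSON response.
const SAMPLE = [{ user: "alice", balance: 120 }];

// Server side: serialize the value and prepend the guard.
function protectJson(value) {
  return GUARD + JSON.stringify(value);
}

// Client side: same-origin XHR/fetch code can read the raw body, so it
// strips the guard and parses the rest. A body without the guard is
// rejected so an unprotected endpoint is noticed instead of silently used.
function parseProtected(body) {
  if (typeof body !== "string" || !body.startsWith(GUARD)) {
    throw new Error("response is missing the anti-hijacking guard");
  }
  return JSON.parse(body.slice(GUARD.length));
}

// Audit helper: would this body be accepted as script source?
// new Function only compiles the text; the function is never called.
function parsesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Summary a reviewer can use to check an endpoint's response shape.
function auditResponse(body) {
  return { guarded: body.startsWith(GUARD), scriptLoadable: parsesAsScript(body) };
}

console.log(auditResponse(JSON.stringify(SAMPLE))); // bare JSON array
console.log(auditResponse(protectJson(SAMPLE)));    // guarded response
```

A bare top-level JSON array is a valid script on its own, which is why array responses are the shape to audit first; a bare top-level object fails to parse as a script, but relying on that instead of an explicit guard is fragile.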