-------------------------------------------------------------------------
Debian LTS Advisory DLA-2597-1                [email protected]
https://www.debian.org/lts/security/                         Chris Lamb
March 17, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : velocity-tools
Version        : 2.0-6+deb9u1
CVE ID         : CVE-2020-13959
Debian Bug     : #985221

It was discovered that there was a cross-site scripting (XSS)
vulnerability in velocity-tools, a collection of useful tools for the
"Velocity" template engine.

The default error page could be exploited to steal session cookies,
perform requests in the name of the victim, or carry out phishing and
many other similar attacks.

For Debian 9 "Stretch", this problem has been fixed in version
2.0-6+deb9u1.

We recommend that you upgrade your velocity-tools packages.

For the detailed security status of velocity-tools please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/velocity-tools

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
