Bug#453278: CVE-2007-6110: XSS in htsearch

[Steffen Joeris]

Package: htdig
Version: 1:3.2.0b6-3.1
Severity: important
Tags: security

Hi

The following CVE[0] has been issued against htdig.

CVE-2007-6110:

Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6
allows remote attackers to inject arbitrary web script or HTML via the
sort parameter.

Please mention the CVE id number in your changelog, when you fix the
problem.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6110



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processing of lineak-kdeplugins_0.9-5_amd64.changes

[Archive Administrator]

lineak-kdeplugins_0.9-5_amd64.changes uploaded successfully to localhost
along with the files:
  lineak-kdeplugins_0.9-5.dsc
  lineak-kdeplugins_0.9-5.diff.gz
  lineak-kdeplugins_0.9-5_amd64.deb

Greetings,

Your Debian queue daemon


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

lineak-kdeplugins_0.9-5_amd64.changes ACCEPTED

[Debian Installer]

Accepted:
lineak-kdeplugins_0.9-5.diff.gz
  to pool/main/l/lineak-kdeplugins/lineak-kdeplugins_0.9-5.diff.gz
lineak-kdeplugins_0.9-5.dsc
  to pool/main/l/lineak-kdeplugins/lineak-kdeplugins_0.9-5.dsc
lineak-kdeplugins_0.9-5_amd64.deb
  to pool/main/l/lineak-kdeplugins/lineak-kdeplugins_0.9-5_amd64.deb


Override entries for your package:
lineak-kdeplugins_0.9-5.dsc - source x11
lineak-kdeplugins_0.9-5_amd64.deb - optional x11

Announcing to [EMAIL PROTECTED]
Closing bugs: 417369 


Thank you for your contribution to Debian.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#417369: marked as done (FTBFS with GCC 4.3: missing #includes)

[Debian Bug Tracking System]

Your message dated Wed, 28 Nov 2007 20:32:04 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#417369: fixed in lineak-kdeplugins 2:0.9-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: lineak-kdeplugins
Version: 2:0.9-4
Usertags: ftbfs-gcc-4.3
Tags: patch

Your package fails to build with GCC 4.3.  Version 4.3 has not been
released yet but I'm building with a snapshot in order to find errors
and give people an advance warning.  In GCC 4.3, the C++ header
dependencies have been cleaned up.  The advantage of this is that
programs will compile faster.  The downside is that you actually
need to directly #include everything you use (but you really should
do this anyway, otherwise your program won't work with any compiler
other than GCC).  Some background of this can be found at
http://gcc.gnu.org/PR28080

You can reproduce this problem with gcc-snapshot (20070326-1 or higher)
from unstable.

> Automatic build of lineak-kdeplugins_2:0.9-4 on coconut0 by sbuild/ia64 0.49
...
> kmixclient.cpp: In member function 'int KMIXClient::volumeUp(int, 
> std::string)':
> kmixclient.cpp:80: error: 'abs' was not declared in this scope
> kmixclient.cpp: In member function 'int KMIXClient::volumeDown(int, 
> std::string)':
> kmixclient.cpp:98: error: 'abs' was not declared in this scope
> kmixclient.cpp: In member function 'int KMIXClient::mute(std::string)':
> kmixclient.cpp:119: error: 'atoi' was not declared in this scope

--- kmix_plugin/kmixclient.cpp~ 2007-04-02 13:14:33.0 +
+++ kmix_plugin/kmixclient.cpp  2007-04-02 13:14:44.0 +
@@ -28,6 +28,7 @@
 #include 

 #include 

 #include 

+#include 

 #include 

 #include 

 #include "kmixclient.h"


-- 
Martin Michlmayr
http://www.cyrius.com/

--- End Message ---
--- Begin Message ---
Source: lineak-kdeplugins
Source-Version: 2:0.9-5

We believe that the bug you reported is fixed in the latest version of
lineak-kdeplugins, which is due to be installed in the Debian FTP archive:

lineak-kdeplugins_0.9-5.diff.gz
  to pool/main/l/lineak-kdeplugins/lineak-kdeplugins_0.9-5.diff.gz
lineak-kdeplugins_0.9-5.dsc
  to pool/main/l/lineak-kdeplugins/lineak-kdeplugins_0.9-5.dsc
lineak-kdeplugins_0.9-5_amd64.deb
  to pool/main/l/lineak-kdeplugins/lineak-kdeplugins_0.9-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ralf Treinen <[EMAIL PROTECTED]> (supplier of updated lineak-kdeplugins package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Wed, 28 Nov 2007 20:31:59 +0100
Source: lineak-kdeplugins
Binary: lineak-kdeplugins
Architecture: source amd64
Version: 2:0.9-5
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <[EMAIL PROTECTED]>
Changed-By: Ralf Treinen <[EMAIL PROTECTED]>
Description: 
 lineak-kdeplugins - LinEAK KDE plugins
Closes: 417369
Changes: 
 lineak-kdeplugins (2:0.9-5) unstable; urgency=low
 .
   * QA upload
   * Added missing "#include " to kmix_plugin/kmixclient.cpp for
 compilation with gcc-4.3 - thanks to Martin Michlmayr for the patch!
 (closes: #417369).
   * debian/rules: do not ignore errors of "make clean"
Files: 
 b5edd88232c02139e61e7662a23d6954 799 - optional lineak-kdeplugins_0.9-5.dsc
 76f74279209dfd6f264769cdddc45098 3776 - optional 
lineak-kdeplugins_0.9-5.diff.gz
 96e1216e229a861839adf31f4417cb75 89866 x11 optional 
lineak-kdeplugins_0.9-5_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTcimtzWmSeC6BMERAk4OAKDUltgAJrenEOa3pbseLGGbz8Y6MwCgt/c3
XCUn59Q/C3Nx5+eesM/nztM=
=gqyn
-END PGP SIGNATURE-


--- End Message ---

libvncserver 0.9.3.dfsg.1-1 MIGRATED to testing

[Debian testing watch]

FYI: The status of the libvncserver source package
in Debian's testing distribution has changed.

  Previous version: 0.8.2-2
  Current version:  0.9.3.dfsg.1-1

-- 
This email is automatically generated; [EMAIL PROTECTED] is responsible.
See http://people.debian.org/~henning/trille/ for more information.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processing of puppet_0.23.2-14_i386.changes

[Archive Administrator]

puppet_0.23.2-14_i386.changes uploaded successfully to localhost
along with the files:
  puppet_0.23.2-14.dsc
  puppet_0.23.2-14.diff.gz
  puppet_0.23.2-14_all.deb
  puppetmaster_0.23.2-14_all.deb

Greetings,

Your Debian queue daemon


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

puppet_0.23.2-14_i386.changes ACCEPTED

[Debian Installer]

Accepted:
puppet_0.23.2-14.diff.gz
  to pool/main/p/puppet/puppet_0.23.2-14.diff.gz
puppet_0.23.2-14.dsc
  to pool/main/p/puppet/puppet_0.23.2-14.dsc
puppet_0.23.2-14_all.deb
  to pool/main/p/puppet/puppet_0.23.2-14_all.deb
puppetmaster_0.23.2-14_all.deb
  to pool/main/p/puppet/puppetmaster_0.23.2-14_all.deb


Override entries for your package:
puppet_0.23.2-14.dsc - source admin
puppet_0.23.2-14_all.deb - optional admin
puppetmaster_0.23.2-14_all.deb - optional admin

Announcing to [EMAIL PROTECTED]
Closing bugs: 452060 452064 452506 


Thank you for your contribution to Debian.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]