tags 338983 + patch
thanks
Hello
Fixed version uploaded now to unstable. Version 2.2.9-1.
Do you want me to prepare a sarge version as well? It is trivial to patch
with the information in the bug.
Regards,
// Ola
On Sun, Nov 20, 2005 at 09:15:47AM +0100, Martin Schulze wrote:
> Ola Lundqvist
Ola Lundqvist wrote:
> I assume that this applies to the sarge version as well.
It seems so.
> I'm not sure this should be considered grave as this only can occur
> when a fatal error occur.
Better be save than sorry, also error pages can be referenced.
> I'm not even sure that this is possible
severity 338983 important
thanks
Hello
I assume that this applies to the sarge version as well.
I'm not sure this should be considered grave as this only can occur
when a fatal error occur.
This is the actual fix:
@@ -234,7 +234,7 @@
$errortext = _("A fatal error has occurred:") . "\
Package: horde2
Version: 2.2.8-1
Severity: grave
Tags: security
Justification: user security hole
New upstream version v2.2.9 available to fix potential XSS vulnerability
due to not properly escaped error messages.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux
4 matches
Mail list logo
