[Secure-testing-team] Bug#543822: CVE-2009-2959: Cross-site scripting (XSS) vulnerability
Giuseppe Iuculano
giuseppe at iuculano.it
Thu Aug 27 07:27:54 UTC 2009
Package: buildbot
Version: 0.7.10p1-1,0.7.8-1
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for buildbot.
CVE-2009-2959[0]:
| Cross-site scripting (XSS) vulnerability in the waterfall web status
| view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1
| allows remote attackers to inject arbitrary web script or HTML via
| unspecified vectors.
According to the vendor 0.7.4-3 in etch isn't affected
Please coordinate with the security team (team at security.debian.org) to
prepare packages for the stable releases.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2959
http://security-tracker.debian.net/tracker/CVE-2009-2959
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqWNXcACgkQNxpp46476aqgOACfTvbYZPNmp/4FfVSVVvW1wFbh
U+0AmgKJ4ZvcKwV3bovr0nEy1MLInFLi
=JaSm
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list