Debian Security Advisory

DSA-1568-1 b2evolution -- utilstrækkelig fornuftighedskontrol af inddata

Date Reported:

05 May 2008

Affected Packages:

b2evolution

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 410568.
In Mitre's CVE dictionary: CVE-2007-0175.

More information:

"unsticky" opdagede at b2evolution, en blogmaskine, udførte utilstrækkelig fornuftighedskontrol på inddata, gørende det muligt at udføre skripter på tværs af servere.

I den stabile distribution (etch), er dette problem rettet i version 0.9.2-3+etch1.

I den ustabile distribution (sid), er dette problem rettet i version 0.9.2-4.

Vi anbefaler at du opgraderer din b2evolution-pakke.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:: http://security.debian.org/pool/updates/main/b/b2evolution/b2evolution_0.9.2-3+etch1.diff.gz; http://security.debian.org/pool/updates/main/b/b2evolution/b2evolution_0.9.2.orig.tar.gz; http://security.debian.org/pool/updates/main/b/b2evolution/b2evolution_0.9.2-3+etch1.dsc
Architecture-independent component:: http://security.debian.org/pool/updates/main/b/b2evolution/b2evolution_0.9.2-3+etch1_all.deb

MD5 checksums of the listed files are available in the original advisory.