-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 27 Apr 2008 10:10:53 +0200 Source: phpgedview Binary: phpgedview-places phpgedview-languages phpgedview phpgedview-themes Architecture: source all Version: 4.0.2.dfsg-3 Distribution: stable-security Urgency: high Maintainer: Thijs Kinkhorst <thijs@debian.org> Changed-By: Thijs Kinkhorst <thijs@debian.org> Description: phpgedview - Web-based genealogy viewer and editor phpgedview-languages - Language modules for PhpGedView phpgedview-places - Place names and maps for PhpGedView phpgedview-themes - PhpGedView themes Closes: 443901 Changes: phpgedview (4.0.2.dfsg-3) stable-security; urgency=high . * Upload to stable to fix security issue. * Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. (CVE-2007-5051, Closes: #443901) Files: 30d7415d993b4034f44fdfcd9bf9d998 1053 web optional phpgedview_4.0.2.dfsg-3.dsc 73b1f051f01dcd6520a044badaa40fe6 6181964 web optional phpgedview_4.0.2.dfsg.orig.tar.gz 0ae3d02bf2f9bfecac01bfbb98e16b53 7845 web optional phpgedview_4.0.2.dfsg-3.diff.gz dff7649b79e3f32ee6868839cd3c4c68 1215452 web optional phpgedview_4.0.2.dfsg-3_all.deb 0745d130e09318bd72790028db6a943d 876616 web optional phpgedview-themes_4.0.2.dfsg-3_all.deb ce02af3e71b958d0fd3f72c1eea9eca4 2270996 web optional phpgedview-places_4.0.2.dfsg-3_all.deb 1b004f9221d532a1e07eb242bdd13ba1 1821112 web optional phpgedview-languages_4.0.2.dfsg-3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSBQ2s2z0hbPcukPfAQJdZQgAg/KvMwKyOjfMEKu621HOcsYj4+0bjhH7 COnK1PvGBgrZWPrFVjDRiMInBEU2ucHQgGtArIO5dyCmg2xL6oA1qgkapuWCkZLo TzQ7McL+ZAfhUTnH7QLgO5NC9DpXzlx79TiOoH8j8zbzVQbSy3EILZbsuCnGABM7 AeiF+oaxbFo/YOI3rbS3pE+15nsd32jfKoUcOtD2tiKpfPIDnLWT0NbBPAHg9YPK x89eGp78vT0CqkSA3A3vF5+IA2benxb0rjjIQ2wFlIewyQRJ4yXLiNrlB9bveAGN Av1VIJVIDt2SCf+Rfb4H3sYwGI0jWYPlOHrAIb03AuiuRChbPI2WUg== =V+F9 -----END PGP SIGNATURE----- Accepted: phpgedview-languages_4.0.2.dfsg-3_all.deb to pool/main/p/phpgedview/phpgedview-languages_4.0.2.dfsg-3_all.deb phpgedview-places_4.0.2.dfsg-3_all.deb to pool/main/p/phpgedview/phpgedview-places_4.0.2.dfsg-3_all.deb phpgedview-themes_4.0.2.dfsg-3_all.deb to pool/main/p/phpgedview/phpgedview-themes_4.0.2.dfsg-3_all.deb phpgedview_4.0.2.dfsg-3.diff.gz to pool/main/p/phpgedview/phpgedview_4.0.2.dfsg-3.diff.gz phpgedview_4.0.2.dfsg-3.dsc to pool/main/p/phpgedview/phpgedview_4.0.2.dfsg-3.dsc phpgedview_4.0.2.dfsg-3_all.deb to pool/main/p/phpgedview/phpgedview_4.0.2.dfsg-3_all.deb