-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 23 Oct 2006 17:16:10 -0400 Source: webmin Binary: webmin-core webmin Architecture: source all Version: 1.180-3sarge1 Distribution: stable-security Urgency: high Maintainer: noahm@debian.org Changed-By: Noah Meyerhans <noahm@debian.org> Description: webmin - web-based administration toolkit webmin-core - core modules for webmin Closes: 341394 Changes: webmin (1.180-3sarge1) stable-security; urgency=high . * Non-maintainer upload by the security team. * CVE-2005-3912 Fix syslog format string vulnerability in miniserv.pl (Closes: #341394) This string vulnerability could be used to gain access to the account running miniserv.pl by creating a specialy crafted username. * CVE-2006-3392 Fix input sanitization bug that could be exploited to allow an attacker to read arbitrary files. * CVE-2006-4542 Fix cross-site scripting vulnerability caused by the failure to properly cope with null characters in a URL. Files: 5e723deaccb3db60794e0cb385666992 703 admin optional webmin_1.180-3sarge1.dsc f8fe363e7ccd8fe4072d84cd86a3510e 31458 admin optional webmin_1.180-3sarge1.diff.gz ff19d5500955302455e517cb2942c9d0 2261496 admin optional webmin_1.180.orig.tar.gz 34d96210d581dde8ffea7be82e0897f4 1097552 admin optional webmin_1.180-3sarge1_all.deb 8fa7064325ded44e7f8dbd226b81d9dd 1121200 admin optional webmin-core_1.180-3sarge1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFFPTqHYrVLjBFATsMRAjF5AJ9H5lDX9KqEMN7pWuc42/vsdYX7KwCcDyMC CGUk1l4/6+7QEahXHSICc0M= =gkIR -----END PGP SIGNATURE----- Accepted: webmin-core_1.180-3sarge1_all.deb to pool/main/w/webmin/webmin-core_1.180-3sarge1_all.deb webmin_1.180-3sarge1.diff.gz to pool/main/w/webmin/webmin_1.180-3sarge1.diff.gz webmin_1.180-3sarge1.dsc to pool/main/w/webmin/webmin_1.180-3sarge1.dsc webmin_1.180-3sarge1_all.deb to pool/main/w/webmin/webmin_1.180-3sarge1_all.deb
