Format: 1.8
Date: Sun, 23 Aug 2015 16:41:10 +0200
Source: roundup
Binary: roundup
Architecture: source all
Version: 1.4.15-3+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Toni Mueller <toni@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 roundup - an issue-tracking system
Changes:
 roundup (1.4.15-3+deb6u1) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * CVE-2012-6130
     Cross-site scripting (XSS) vulnerability in the history display
     in Roundup before 1.4.20 allows remote attackers to inject arbitrary
     web script or HTML via a username, related to generating a link.
   * CVE-2012-6131
     Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup
     before 1.4.20 allows remote attackers to inject arbitrary web script
     or HTML via the @action parameter to support/issue1.
   * CVE-2012-6132
     Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20
     allows remote attackers to inject arbitrary web script or HTML
     via the otk parameter.
   * CVE-2012-6133
     XSS flaws in ok and error messages
     We solve this differently from the proposals in the bug-report
     by not allowing *any* html-tags in ok/error messages anymore.