Roundup security update for Debian 6 LTS

Debian 9903 Published by

A roundup security update has been released for Debian 6 LTS



Package : roundup
Version : 1.4.15-3+deb6u1
CVE ID : CVE-2012-6130 CVE-2012-6131 CVE-2012-6132 CVE-2012-6133

* CVE-2012-6130
Cross-site scripting (XSS) vulnerability in the history
display in Roundup before 1.4.20 allows remote attackers
to inject arbitrary web script or HTML via a username,
related to generating a link.
* CVE-2012-6131
Cross-site scripting (XSS) vulnerability in cgi/client.py
in Roundup before 1.4.20 allows remote attackers to inject
arbitrary web script or HTML via the @action parameter to
support/issue1.
* CVE-2012-6132
Cross-site scripting (XSS) vulnerability in Roundup before
1.4.20 allows remote attackers to inject arbitrary web
script or HTML via the otk parameter.
* CVE-2012-6133
XSS flaws in ok and error messages
We solve this differently from the proposals in the bug-report
by not allowing *any* html-tags in ok/error messages anymore.

$800 Build Guide and more

Top 10 Hidden Windows 10 Features and more

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...