-
Committer:
Bazaar Package Importer
-
Author(s):
Martin Pitt, CVE-2006-2237
-
Date:
2006-05-22 20:01:46 UTC
-
Revision ID:
james.westby@ubuntu.com-20060522200146-6f5k7z7ax4gi0v91
Tags: 6.4-1ubuntu1.1
* SECURITY UPDATE: Cross-site scripting.
* debian/patches/01_sanitize_more.patch:
- Use the Sanitize function to filter out arbitrary HTML from 'diricons'
parameter (analoguous to CVE-2006-1945, which is already fixed in this
version).
- Sanitize MigrateStats parameter (XSS if statistics updates are enabled).
[CVE-2006-2237]
- Patch from upstream CVS, taken from Debian's 6.5-2 version.