Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2009-08-19 16:04:59 UTC
Revision ID: james.westby@ubuntu.com-20090819160459-a2r4ugrszppc8ly7
Tags: 1.2.6+dfsg-6ubuntu3.1

* SECURITY UPDATE: Multiple cross-site scripting vulnerabilities in
  the ASP.net class libraries (LP: #282952)
  - debian/patches/security_CVE-2008-3422.dpatch: properly encode and
    escape values in mcs/class/System.Web/System.Web.UI.HtmlControls/
    {HtmlControl,HtmlForm,HtmlInputButton,HtmlInputRadioButton,
    HtmlSelect}.cs, and add tests to mcs/class/System.Web/Test/
    System.Web.UI.HtmlControls/{HtmlImageTest,HtmlInputButtonTest,
    HtmlInputRadioButtonTest,HtmlSelectTest}.cs
  - CVE-2008-3422
* SECURITY UPDATE: CRLF injection vulnerability in Sys.Web (LP: #282952)
  - debian/patches/security_CVE-2008-3906.dpatch: encode headers in
    mcs/class/System.Web/{System.Web/HttpResponseHeader.cs,
    System.Web.Configuration/HttpRuntimeConfig.cs}
  - CVE-2008-3906
* SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
  authentication bypass (LP: #409920)
  - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
    match XMLDSIG erratum and add stricter checks.
  - CVE-2009-0217