~ubuntu-branches/ubuntu/hardy/mono/hardy-security

Viewing all changes in revision 78.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2009-08-19 16:04:59 UTC
  • Revision ID: james.westby@ubuntu.com-20090819160459-a2r4ugrszppc8ly7
Tags: 1.2.6+dfsg-6ubuntu3.1
* SECURITY UPDATE: Multiple cross-site scripting vulnerabilities in
  the ASP.net class libraries (LP: #282952)
  - debian/patches/security_CVE-2008-3422.dpatch: properly encode and
    escape values in mcs/class/System.Web/System.Web.UI.HtmlControls/
    {HtmlControl,HtmlForm,HtmlInputButton,HtmlInputRadioButton,
    HtmlSelect}.cs, and add tests to mcs/class/System.Web/Test/
    System.Web.UI.HtmlControls/{HtmlImageTest,HtmlInputButtonTest,
    HtmlInputRadioButtonTest,HtmlSelectTest}.cs
  - CVE-2008-3422
* SECURITY UPDATE: CRLF injection vulnerability in Sys.Web (LP: #282952)
  - debian/patches/security_CVE-2008-3906.dpatch: encode headers in
    mcs/class/System.Web/{System.Web/HttpResponseHeader.cs,
    System.Web.Configuration/HttpRuntimeConfig.cs}
  - CVE-2008-3906
* SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
  authentication bypass (LP: #409920)
  - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
    match XMLDSIG erratum and add stricter checks.
  - CVE-2009-0217
