- Committer: Bazaar Package Importer
- Author(s): Martin Pitt, CVE-2006-2237
- Date: 2006-05-22 21:51:34 UTC
- Revision ID: james.westby@ubuntu.com-20060522215134-wfjebcfggqkgsvf9
Tags: 6.5-1ubuntu1
* SECURITY UPDATE: Cross-site scripting.
* debian/patches/1001_sanitize_more.patch:
- Use the Sanitize function to filter out arbitrary HTML from 'diricons'
parameter (analogous to CVE-2006-1945, which is already fixed in this
version).
- Sanitize MigrateStats parameter (XSS if statistics updates are enabled).
[CVE-2006-2237]
- Patch from upstream CVS, taken from Debian's 6.5-2 version.