Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19810
HistoryMay 08, 2008 - 12:00 a.m.

[SECURITY] [DSA 1554-2] New roundup packages fix regression

2008-05-0800:00:00
vulners.com
18
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-1554-2 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
May 06, 2008 http://www.debian.org/security/faq

Package : roundup
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1474
Debian Bug : 472643

Roundup, an issue tracking system, fails to properly escape HTML input,
allowing an attacker to inject client-side code (typically JavaScript)
into a document that may be viewed in the victim's browser.

For the stable distribution (etch), this problem has been fixed in version
1.2.1-5+etch2.

For the unstable distribution (sid), this problem has been fixed in
version 1.3.3-3.1.

We recommend that you upgrade your roundup packages.

Upgrade instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Source archives:

http://security.debian.org/pool/updates/main/r/roundup/roundup_1.2.1-5+etch2.dsc
Size/MD5 checksum: 982 90a8692563dfca36cb0778b6429aa664
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.2.1.orig.tar.gz
Size/MD5 checksum: 1058595 38de336cf23d0dc20df17695b7c72806
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.2.1-5+etch2.diff.gz
Size/MD5 checksum: 26324 662312074898af0226c723e133fb92cd

Architecture independent packages:

http://security.debian.org/pool/updates/main/r/roundup/roundup_1.2.1-5+etch2_all.deb
Size/MD5 checksum: 1003218 ad60e355ed48161d847860a0f3bb8f2b

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSCBA5Wz0hbPcukPfAQJ5xAgAx4JNKNC8lg0YpiFQ1dVV2lrt6yYa0OpL
uD6mE3J9VWKYGVZHahsvDVFwjov1doYgPMRDShZz7ySgwxzXJZffiIiLl14u3wsW
IUISgX6T1W8ywT2mj8bjr2eHVYFdMCCf3BpBnGuRL6oWlgHW92If1kdN15nv8mfL
qUo4xbvtuzZZTrek6X+AdkPYr3qFQnY/OrOkMSLVx+yoAHJpp0LENhYTbMBaHMT8
W1r8xVOmB8YRiemuTJoBjjpzaoHndtPPKUTQbTF5PhdbDpx9tWGzBHjG69/4PsId
I4FqadmKPzSRmaikU+FzaeCN9pZfMpbOIetxGc97rLVCXAayGuhj3w==
=X7vc
-----END PGP SIGNATURE-----

Related

cve 1
securityvulns 3
github 1
openvas 5
redhatcve 1
osv 2
ubuntucve 1
debian 3
prion 1
nessus 4
gentoo 1
cve
cve
CVE-2008-1474
2008-03-24 22:44:00
securityvulns
securityvulns
[SECURITY] [DSA 1554-1] New roundup packages fix cross-site scripting vulnerability
2008-04-24 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2008-04-24 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2008-05-08 00:00:00
github
github
Roundup vulnerability related to Cross-site scripting (XSS)
2022-05-01 23:40:33
openvas
openvas
Debian Security Advisory DSA 1554-1 (roundup)
2008-04-30 00:00:00
Debian Security Advisory DSA 1554-2 (roundup)
2008-05-12 00:00:00
Gentoo Security Advisory GLSA 200805-21 (roundup)
2008-09-24 00:00:00
redhatcve
redhatcve
CVE-2008-1474
2019-10-04 22:02:03
osv
osv
Roundup vulnerability related to Cross-site scripting (XSS)
2022-05-01 23:40:33
PYSEC-2008-9
2008-03-24 22:44:00
ubuntucve
ubuntucve
CVE-2008-1474
2008-03-24 00:00:00
debian
debian
[SECURITY] [DSA 1554-1] New roundup packages fix cross-site scripting vulnerability
2008-04-22 21:33:54
[SECURITY] [DSA 1554-2] New roundup packages fix regression
2008-05-06 11:29:05
[SECURITY] [DSA 1554-1] New roundup packages fix cross-site scripting vulnerability
2008-04-22 21:33:54
prion
prion
Cross site scripting
2008-03-24 22:44:00
nessus
nessus
Debian DSA-1554-2 : roundup - insufficient input sanitising
2008-04-25 00:00:00
Fedora 7 : roundup-1.4.4-1.fc7 (2008-2370)
2008-03-13 00:00:00
GLSA-200805-21 : Roundup: Permission bypass
2008-05-28 00:00:00
gentoo
gentoo
Roundup: Permission bypass
2008-05-27 00:00:00
JSON
Related for SECURITYVULNS:DOC:19810
cve1securityvulns3github1openvas5redhatcve1osv2ubuntucve1debian3prion1nessus4gentoo1