Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:2248
HistoryDec 05, 2001 - 12:00 a.m.

[SECURITY] [DSA-088-1] improper character escaping in fml

2001-12-0500:00:00
vulners.com
13
JSON

-----BEGIN PGP SIGNED MESSAGE-----

Debian Security Advisory DSA-088-1 [email protected]
http://www.debian.org/security/ Wichert Akkerman
December 5, 2001

Package : fml
Problem type : improper character escaping
Debian-specific: no

The fml (a mailing list package) as distributed in Debian GNU/Linux 2.2
suffers from a cross-site scripting problem. When generating index
pages for list archives the `<' and `>' characters were not properly
escaped for subjects.

This has been fixed in version 3.0+beta.20000106-5, and we recommend
that you upgrade your fml package to that version. Upgrading will
automatically regenerate the index pages.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.2 alias potato

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:

http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106-5.diff.gz
MD5 checksum: 67b5d072dd0da3846f95db595545ca97

http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106-5.dsc
MD5 checksum: 99a9d695a1b45eb7ee865709551da6f2

http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106.orig.tar.gz
MD5 checksum: 35ed0841980a7de7d1d31d9f715fb50b

Architecture independent archives:

http://security.debian.org/dists/stable/updates/main/binary-all/fml_3.0+beta.20000106-5_all.deb
MD5 checksum: 022401cdfa939b628a10b6d8109a6c72

These packages will be moved into the stable distribution on its next
revision.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBPA4FPqjZR/ntlUftAQF/agL9H58kHN0UvMRVQLi0UN2DXwOFtM6X2rRW
7KXuxFQscmcrTJiDyo4RBW7Ar9YWalAIGP1YgeZK4h/BD6Rw0cJpjCCj8vrZxW6M
U0KYvNXMDpzfXAwpsI1fG35ivURZ8K51
=8XHz
-----END PGP SIGNATURE-----

JSON