DSA-724-1 phpsysinfo -- design flaw

Debian Security Advisory

DSA-724-1 phpsysinfo -- design flaw

Date Reported:

18 May 2005

Affected Packages:

phpsysinfo

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 301118.
In Mitre's CVE dictionary: CVE-2005-0870.

More information:

Maksymilian Arciemowicz discovered several cross site scripting issues in phpsysinfo, a PHP based host information application.

For the stable distribution (woody) these problems have been fixed in version 2.0-3woody2.

For the testing (sarge) and unstable (sid) distribution these problems have been fixed in version 2.3-3.

We recommend that you upgrade your phpsysinfo package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:

http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody2.dsc

http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody2.diff.gz

http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0.orig.tar.gz

Architecture-independent component:

http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody2_all.deb

MD5 checksums of the listed files are available in the original advisory.