Debian Bug report logs -
#351335
CVE-2006-0518: Cross-site scripting (XSS) vulnerability in SPIP
Reported by: Micah Anderson <micah@debian.org>
Date: Sat, 4 Feb 2006 05:33:07 UTC
Severity: important
Done: Martin Michlmayr <tbm@cyrius.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Gaetan RYCKEBOER <gryckeboer@virtual-net.fr>
:
Bug#351335
; Package spip
.
(full text, mbox, link).
Acknowledgement sent to Micah Anderson <micah@debian.org>
:
New Bug report received and forwarded. Copy sent to Gaetan RYCKEBOER <gryckeboer@virtual-net.fr>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: spip
Severity: important
CVE-2006-0518 reads:
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e
and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers
to inject arbitrary web script or HTML via the lang parameter.
See the following references for more information:
http://www.zone-h.org/en/advisories/read/id=8650/
http://www.frsirt.com/english/advisories/2006/0398
http://secunia.com/advisories/18676
Please reference this CVE ID in any changelogs, thanks,
Micah
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Reply sent to Martin Michlmayr <tbm@cyrius.com>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Micah Anderson <micah@debian.org>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #10 received at 351335-done@bugs.debian.org (full text, mbox, reply):
spip has been removed because it's buggy, has never been part of a
stable release and security issues, see #384385
--
Martin Michlmayr
http://www.cyrius.com/
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 18 Jun 2007 00:33:13 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:12:41 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.