htdig: Unescaped output in htsearch and qtest causes security problems.

Related Vulnerabilities: CVE-2005-0085  

Debian Bug report logs - #305996

Package: htdig; Maintainer for htdig is Debian QA Group <packages@qa.debian.org>; Source for htdig is src:htdig.

Reported by: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>

Date: Sat, 23 Apr 2005 13:48:05 UTC

Severity: important

Tags: moreinfo, security

Done: Florian Weimer <fw@deneb.enyo.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Robert Ribnitz <ribnitz@linuxbourg.ch>:
Bug#305996; Package htdig.


Acknowledgement sent to Helge Kreutzmann <kreutzm@itp.uni-hannover.de>:
New Bug report received and forwarded. Copy sent to Robert Ribnitz <ribnitz@linuxbourg.ch>.


Message #5 received at submit@bugs.debian.org:

From: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: htdig: Unescaped output in htsearch and qtest causes security problems.
Date: Sat, 23 Apr 2005 15:34:17 +0200
Package: htdig
Version: N/A; reported 2005-04-23
Severity: important
Tags: security, woody, sarge

Please see the Fedora-alert:

http://lwn.net/Alerts/132723/


Unfortunately, the information given is quite scarce, so I don't know
if this is already fixed in previous (stable) uploads. Please close if
reported in error or change the tags if it only applies to testing.

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US




Tags removed: sarge Request was from Joey Hess <joeyh@debian.org> to control@bugs.debian.org.


Tags removed: woody Request was from Joey Hess <joeyh@debian.org> to control@bugs.debian.org.


Tags added: moreinfo Request was from Joey Hess <joeyh@debian.org> to control@bugs.debian.org.


Reply sent to Florian Weimer <fw@deneb.enyo.de>:
You have taken responsibility.


Notification sent to Helge Kreutzmann <kreutzm@itp.uni-hannover.de>:
Bug acknowledged by developer.


Message #16 received at 305996-done@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: 305996-done@bugs.debian.org
Subject: This is CVE-2005-0085
Date: Sun, 30 Oct 2005 23:23:43 +0100

According to <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144127>
(referenced from the LWN alert), this is CVE-2005-0085, which has
already been fixed in DSA-680-1 (and htdig 1:3.1.6-11 for sid).



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jun 2007 22:30:50 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:57:06 2019; Machine Name: beach
