thr3ads.net - Secure testing team - [Secure-testing-team] Bug#585163: CVE-2010-1916: security issue in Xinha [Jun 2010]

If this information is useful, please help other people find it:
Share via:

Moritz Muehlenhoff

2010-Jun-09 17:03 UTC

[Secure-testing-team] Bug#585163: CVE-2010-1916: security issue in Xinha

Package: openacs
Severity: grave
Tags: security

Hi,
openacs includes a copy of xinha, for which the following security
issue was reported:

http://php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.h+tml
http://xinha.webfactional.com/ticket/1518

Please check if openacs''s code copy is affected and update the internal
copy in necessary.

There''s already an ITP for xinha (Bug 479708) and since four packages
currently in the archive use xinha (openacs, Horde, serendipity and
dotlrn) it would be nice if we could migrate to a single package
for Squeeze.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Secure testing team - Jun 2010 - Bug#585163: CVE-2010-1916: security issue in Xinha

[Secure-testing-team] Bug#585163: CVE-2010-1916: security issue in Xinha