Jamie Strandboge
2011-Oct-27 21:22 UTC
[Secure-testing-team] Bug#646865: backuppc: [PATCH] fix related issue to CVE-2011-3361 in CGI/View.pm
Package: backuppc Version: 3.2.1-1 Severity: grave Tags: patch security Justification: user security hole User: ubuntu-devel at lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: XSS in CGI/View.pm - lib/BackupPC/CGI/View.pm: update to verify backup number is numeric - CVE-2011-XXXX A CVE was requested on oss-security: http://www.openwall.com/lists/oss-security/2011/10/27/8 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers oneiric-updates APT policy: (500, ''oneiric-updates''), (500, ''oneiric-security''), (500, ''oneiric'') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-12-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -------------- next part -------------- A non-text attachment was scrubbed... Name: tmpcXzVbQ Type: text/x-diff Size: 470 bytes Desc: not available URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20111027/da80f79f/attachment.diff>