[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20111230075223.05D6859DF0@kinkhorst.com>
Date: Fri, 30 Dec 2011 08:52:23 +0100 (CET)
From: Thijs Kinkhorst <thijs@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2263-2] movabletype-opensource
security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2263-2 security@...ian.org
http://www.debian.org/security/ Thijs Kinkhorst
December 30, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : movabletype-opensource
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : not yet available
Debian Bug : 627936
Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny'
suite at that time. This update adds that package. The original advisory
text follows.
It was discovered that Movable Type, a weblog publishing system,
contains several security vulnerabilities:
A remote attacker could execute arbitrary code in a logged-in users'
web browser.
A remote attacker could read or modify the contents in the system
under certain circumstances.
For the oldstable distribution (lenny), these problems have been fixed in
version 4.2.3-1+lenny3.
For the stable distribution (squeeze), these problems have been fixed in
version 4.3.5+dfsg-2+squeeze2.
For the testing distribution (wheezy) and for the unstable
distribution (sid), these problems have been fixed in version
4.3.6.1+dfsg-1.
We recommend that you upgrade your movabletype-opensource packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJO/W15AAoJEOxfUAG2iX579YAH/iHvmSvkzHQj5mrg48eEw8XI
RCWvrYvCmnvPSJWia0c0p66KuncfABjWO3vN2MQR231TYlFH1UXGhwDQ6pyIxM9S
jjvxmpoJD3DJm9VDlviSJfUulz9f47xyNbOMnB1griTlueOotYZR98B3MnbYzaB/
hemCTK7eC5tHgUj2LK3iVClmmL+OL9ykhFT7gYwJ+k4SX7zh82jrvghzktFoM9RV
nbsVx6uqI341SVIuM/hbDuIHhWnobSPZyEcGEXoU1YcojezwLz/HMyEm929OsWTl
t0SurJvEEGvSQwiIO1cp0/S9txZZtuZQrLFpnFBdnC5YFihdM8TQN2sIZ0y3izA=
=E15M
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists