Hi,
On Sun, 06 Apr 2025 16:13:42 +0200 Salvatore Bonaccorso
<car...@debian.org> wrote:
CVE-2025-2123[0]:
| A vulnerability, which was classified as problematic, has been found
| in GeSHi up to 1.0.9.1. Affected by this issue is the function
| get_var of the file /contrib/cssgen.php of the component CSS
| Handler. The manipulation of the argument default-
| styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to
| cross site scripting. The attack may be launched remotely. The
| exploit has been disclosed to the public and may be used.
cssgen.php is not shipped in the binary packages since #685324
(1.0.8.4-2) and even patched out in the source since 1.0.9.1-1.
I believe we're <not-affected> here :)
WDTY?
Cheers!
Sylvain Beucler
Debian LTS Team
