Package: mono
Severity: important
Tags: security, patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for mono.

CVE-2008-3422[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net
| class libraries in Mono 2.0 and earlier allow remote attackers to
| inject arbitrary web script or HTML via crafted attributes related to
| (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs
| (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4)
| HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect
| (RenderChildren).

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

Also see the discussion on upstream's mailing list about the issue and the proposed patch[1], as well as Novell's bug report[2].

Cheers
Steffen

For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3422
    http://security-tracker.debian.net/tracker/CVE-2008-3422
[1] http://n2.nabble.com/-PATCH--HTML-encode-attributes-that-might-need-encoding-td584193.html
[2] https://bugzilla.novell.com/show_bug.cgi?id=413534
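
The bug class named in the CVE text, as an added example that is not Mono's code and not the proposed patch: a renderer that writes attribute values into a tag verbatim, next to the same renderer with each value HTML-encoded first. The class and method names are hypothetical, the sample value is constructed, and `WebUtility.HtmlEncode` stands in for whichever encoder the upstream patch actually uses.

```csharp
using System;
using System.Collections.Generic;
using System.Net;   // WebUtility.HtmlEncode
using System.Text;

// Hypothetical demo class; it does not reproduce Mono's HtmlControl code.
static class AttributeRenderingDemo
{
    // Unsafe: the attribute value is concatenated into the tag verbatim, so a
    // '"' in the value closes the attribute and the rest is parsed as markup.
    static string RenderUnencoded(string tag, IDictionary<string, string> attrs)
    {
        var sb = new StringBuilder("<" + tag);
        foreach (var kv in attrs)
            sb.Append(' ').Append(kv.Key).Append("=\"").Append(kv.Value).Append('"');
        return sb.Append(" />").ToString();
    }

    // Hardened: each value is HTML-encoded before it is placed inside the
    // double-quoted attribute, so '"', '<', '>' and '&' stay part of the value.
    // Assumption: attribute names come from the developer, not from the request.
    static string RenderEncoded(string tag, IDictionary<string, string> attrs)
    {
        var sb = new StringBuilder("<" + tag);
        foreach (var kv in attrs)
            sb.Append(' ').Append(kv.Key).Append("=\"")
              .Append(WebUtility.HtmlEncode(kv.Value)).Append('"');
        return sb.Append(" />").ToString();
    }

    static void Main()
    {
        // Constructed sample: a value that reached the control from a request
        // and contains a quote plus harmless markup.
        var attrs = new Dictionary<string, string>
        {
            { "type", "button" },
            { "value", "Save\" data-x=\"1\"><b>injected</b>" },
        };

        Console.WriteLine(RenderUnencoded("input", attrs)); // value escapes the attribute
        Console.WriteLine(RenderEncoded("input", attrs));   // value stays one attribute
    }
}
```

Comparing the two printed tags shows the check to apply when reviewing a fix for this issue: in the encoded output the only unescaped double quotes are the ones delimiting each attribute.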