Hi. I've had a look at this one bug, but it may not be easy to fix, I'm afraid, as we're not in sync with upstream's latest version.
It seems only some of the occurrences of URLPARAM need to be fixed (those inside forms POSTed, IIRC). The hard thing is to identify them. Maybe some merging between current versions in Debian, upstream's previous one and upstream's latest?

Also there's the problem of updating the installed topics files for running TWikis.

Any comments much welcome.

Best regards,

On Tuesday 09 December 2008 at 10:54 +0000, Dominic Hargreaves wrote:
> Please see
> <http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304>
> for details of an XSS vulnerability affecting 4.1.2.
>
> Thanks,
> Dominic.

--
Olivier BERGER <[EMAIL PROTECTED]>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Research Engineer - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)