Package: pgfouine
Severity: grave
Version: 0.7-1
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for GeSHi, which affects the embedded copy in pgfouine[0].

SA32559[1]:
> A vulnerability has been reported in GeSHI, which can potentially be
> exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to an unspecified error, which may allow
> execution of arbitrary code on an affected system.
>
> The vulnerability is reported in versions prior to 1.0.8.1.

It would be great if pgfouine just depended on php-geshi (also available in etch) and the include/require calls changed to use the copy provided by that package, to avoid shipping yet another embedded code copy.

If you fix the vulnerability please also make sure to include the SA id in the changelog entry.

[0]usr/share/pgfouine/include/reporting/geshi/geshi.php
[1]http://secunia.com/Advisories/32559/

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net