Hi Giuseppe,

On Saturday 23 May 2009, Giuseppe Iuculano wrote:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) ids were
> published for ipplan.
>
> CVE-2009-1732[0]:
> | Cross-site scripting (XSS) vulnerability in admin/usermanager in IPlan
> | 4.91a allows remote attackers to inject arbitrary web script or HTML
> | via the grp parameter.
>
> CVE-2009-1733[1]:
> | Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows
> | remote attackers to hijack the authentication of administrators for
> | requests that (1) change the password, (2) add users, or (3) delete
> | users via unknown vectors.
>
> If you fix the vulnerabilities please also make sure to include the
> CVE ids in your changelog entry.

Thanks for the notification. I already contacted upstream about the issue. The problem is, I'm on vacation from 30th May until 12th Jun. So if I'm unable to provide a solution in time, feel free to do an NMU.

With kind regards,
Jan.