Source: cherokee Version: 1.2.101-1 Severity: serious Tags: security References: CVE-2011-2191 https://bugs.launchpad.net/ubuntu/+source/cherokee/+bug/784632 https://bugzilla.redhat.com/show_bug.cgi?id=713304
Please verify whether the issue is still present in the package. A quick look at admin/PageVServers.py suggests that this is the case, because the Commit function stores new_nick without any validation. Even though the value is escaped on some accesses admin/PageStatus.py Render_Content does not perform escaping. Helmut -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
