Hi ! This bug is fixed in stable and testing, so I think it should be closed.
BR, Ludo > Source: backuppc > Severity: grave > Tags: security > > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for backuppc. > > CVE-2011-5081[0]: > | Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC > | 3.1.0, 3.2.1, and possibly other earlier versions allows remote > | attackers to inject arbitrary web script or HTML via the share > | parameter in a RestoreFile action to index.cgi. > > If you fix the vulnerability please also make sure to include the > CVE id in your changelog entry. > > For further information see: > > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5081 > http://security-tracker.debian.org/tracker/CVE-2011-5081 > > -- > Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA > For security reasons, all text in this mail is double-rot13 encrypted. > -- Ludovic Drolez. http://www.aopensource.com - The Android Open Source Portal -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
