tags 685323 = unreproducible upstream security
notfound 685323 geshi/1.0.8.4-1
close 685323 geshi/1.0.8.4-1
thanks

Bug supposedly affected langwiz.php where a leftover var_dump($_GET)
could pose an XSS risk if deployed on a public-facing webserver. [1]

That file does not exist in the source version of php-geshi packaged by
Debian.  It was formerly known as langcheck.php, which is shipped by
php-geshi 1.0.8.4-1 in doc/examples/, but the vulnerability was not
introduced until later.

[1]
http://geshi.svn.sourceforge.net/viewvc/geshi/trunk/geshi-1.0.X/src/contrib/langwiz.php?r1=2508&r2=2507&pathrev=2508

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org

