Package: pixelpost
Version: 1.7.1-5
Severity: grave
Tags: security
Hi,
Multiple vulnerabilities have been reported against pixelpost.
Full details can be found by following this thread:
http://marc.info/?t=128470282500002&r=1&w=2
CVE-wise they are:
CSRF: CVE-2010-3305
SQL injection fixed in 1.7.3: CVE-2009-4899
XSS fixed in 1.7.3: CVE-2009-4900
But there are a few more that I just reported.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.
(Sun, 16 Jan 2011 15:18:16 GMT)
Notification sent
to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer.
(Sun, 16 Jan 2011 15:18:16 GMT)
Subject: Bug#610157: Removed package(s) from unstable
Date: Sun, 16 Jan 2011 15:17:47 +0000
Version: 1.7.1-6+rm
Dear submitter,
as the package pixelpost has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see http://bugs.debian.org/610157
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.
Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 14 Feb 2011 07:31:19 GMT)