Debian: DSA-2263-2: movabletype-opensource security update
Debian: DSA-2263-2: movabletype-opensource security update
Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny' suite at that time. This update adds that package. The original advisory text follows.
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2263-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Thijs Kinkhorst December 30, 2011 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : movabletype-opensource Vulnerability : several Problem type : remote Debian-specific: no CVE ID : not yet available Debian Bug : 627936 Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny' suite at that time. This update adds that package. The original advisory text follows. It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities: A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances. For the oldstable distribution (lenny), these problems have been fixed in version 4.2.3-1+lenny3. For the stable distribution (squeeze), these problems have been fixed in version 4.3.5+dfsg-2+squeeze2. For the testing distribution (wheezy) and for the unstable distribution (sid), these problems have been fixed in version 4.3.6.1+dfsg-1. We recommend that you upgrade your movabletype-opensource packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.