Debian: DSA-2611-1: movabletype-opensource security update
An input sanitization problem has been found in the upgrade functions of movabletype-opensource, a web-based publishing platform. Using carefully crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS commands and SQL queries.
-------------------------------------------------------------------------
Debian Security Advisory DSA-2611-1
https://www.debian.org/security/
Yves-Alexis Perez
January 22, 2013
https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : movabletype-opensource
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-0209
Debian Bug     : 697666

An input sanitization problem has been found in the upgrade functions of movabletype-opensource, a web-based publishing platform. Using carefully crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS commands and SQL queries.

For the stable distribution (squeeze), this problem has been fixed in version 4.3.8+dfsg-0+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in version 5.1.2+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in version 5.1.2+dfsg-1.

We recommend that you upgrade your movabletype-opensource packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/