Debian: namazu2 cross-site scripting vulnerability fix

    Date 06 Jan 2005
    11684
    Posted By Joe Shakespeare
    A cross-site scripting vulnerability has been discovered in namazu2, a full text search engine. An attacker could prepare specially crafted input that would not be sanitised by namazu2 and hence displayed verbatim for the victim.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 627-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                             Martin Schulze
    January 6th, 2005                       https://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : namazu2
    Vulnerability  : unsanitised input
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-1318
    
    A cross-site scripting vulnerability has been discovered in namazu2, a
    full text search engine.  An attacker could prepare specially crafted
    input that would not be sanitised by namazu2 and hence displayed
    verbatim for the victim.
    
    For the stable distribution (woody) this problem has been fixed in
    version 2.0.10-1woody3.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2.0.14-1.
    
    We recommend that you upgrade your namazu2 package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3.dsc
          Size/MD5 checksum:      729 55d9af5c2d7acce5eb762335e51da150
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3.diff.gz
          Size/MD5 checksum:    10026 c47888f62795d22e2e82c2078e75583e
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10.orig.tar.gz
          Size/MD5 checksum:   833838 85892f930e5ef694f39469f136f484b4
    
      Architecture independent components:
    
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2-common_2.0.10-1woody3_all.deb
          Size/MD5 checksum:    57566 2619b0261f7c78f567c5b57bc7134709
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2-index-tools_2.0.10-1woody3_all.deb
          Size/MD5 checksum:    78724 0caddc9af184cdd666f3cb8e4b86a38d
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_alpha.deb
          Size/MD5 checksum:   116832 4729657782021cc31cd560b8e5d7eb41
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_alpha.deb
          Size/MD5 checksum:   144424 a15b70d1f03ff9861e533230790718f1
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_alpha.deb
          Size/MD5 checksum:   282454 59f32b2d66a1350f373647d1f66569f6
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_arm.deb
          Size/MD5 checksum:   105864 09deb2f4befbcf66c28ec9cdd4284b94
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_arm.deb
          Size/MD5 checksum:   124170 5c6ff41c3591f8da3fda507b7cfb1d15
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_arm.deb
          Size/MD5 checksum:   264236 1914b11a284327e358d25f7f45522c4b
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_i386.deb
          Size/MD5 checksum:   103678 7eb33aebb6d18620f39bca6b39491f5c
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_i386.deb
          Size/MD5 checksum:   117564 be97133d3c04355444fedafaf08b8d72
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_i386.deb
          Size/MD5 checksum:   254140 fcd5ae7c0cbd72a3fe79efb23545d8d6
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_ia64.deb
          Size/MD5 checksum:   132674 54adcfa851a138b9f5f1ae96cb7e51c3
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_ia64.deb
          Size/MD5 checksum:   150578 26c7c95f53e6dc9905e84f59103cfa24
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_ia64.deb
          Size/MD5 checksum:   296226 55d76574ec6153ce8b0ac3c0ccb47d1f
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_hppa.deb
          Size/MD5 checksum:   112816 155828c8655c08ea416827df8459ea43
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_hppa.deb
          Size/MD5 checksum:   133528 af9255851e8a929e47825967bd014bbf
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_hppa.deb
          Size/MD5 checksum:   274078 aea2d08e925a2812a9eea146cc218385
    
      Motorola 680x0 architecture:
    
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_m68k.deb
          Size/MD5 checksum:   100310 f7725c1c8fe62804a0fe39640ae9115b
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_m68k.deb
          Size/MD5 checksum:   112702 f386f191a54c984b4267e358ab4be654
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_m68k.deb
          Size/MD5 checksum:   261686 4b4a86ae53e1fdc86eb00d8cb16ed014
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_mips.deb
          Size/MD5 checksum:   105814 b7c1fd14d53989ea2c90731b3f959799
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_mips.deb
          Size/MD5 checksum:   131316 51889c3007f3ee41dea8fd7a3c3ec274
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_mips.deb
          Size/MD5 checksum:   271730 c2477168d829487189dd6d8b1ce6ff67
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_mipsel.deb
          Size/MD5 checksum:   106256 668f8ba923e5d08d5c87a4a5f74740a7
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_mipsel.deb
          Size/MD5 checksum:   131404 9f3061b682909c5c5913e699adba864f
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_mipsel.deb
          Size/MD5 checksum:   271884 a971c52803427dd47275884f7ba3f0d7
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_powerpc.deb
          Size/MD5 checksum:   108332 c07f0b023e9f181b967d3e7df0de14d3
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_powerpc.deb
          Size/MD5 checksum:   130170 76acd402967c90fbc70f8ae896a4d04f
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_powerpc.deb
          Size/MD5 checksum:   268662 76cab38114df6c859268dff7c88e19c7
    
      IBM S/390 architecture:
    
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_s390.deb
          Size/MD5 checksum:   105502 db1d1c167293cbf66903e6dd02723c39
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_s390.deb
          Size/MD5 checksum:   119206 384c7333574c8215efa3ccb5e6d38f28
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_s390.deb
          Size/MD5 checksum:   267478 d7916aaa85f57b5ce58233b8ea1ca723
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_sparc.deb
          Size/MD5 checksum:   109758 5f5895fa7dc160572f03554e67511673
        https://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_sparc.deb
          Size/MD5 checksum:   124550 a6865ee432d9456e6f441f97e5630905
        https://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_sparc.deb
          Size/MD5 checksum:   266456 61629bca08f4d73a00998fe3071757d8
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and https://packages.debian.org/
    
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"97","type":"x","order":"1","pct":80.17,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":14.88,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":4.96,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.