[Pkg-monitoring-maintainers] Bug#760372: Bug#760372: loganalyzer: CVE-2014-6070
Daniel Pocock
daniel at pocock.pro
Wed Sep 3 11:11:08 UTC 2014
Hi Rainer, Andre,
Could you please comment on this security report?
Is the current Debian package affected?
Regards,
Daniel
On 03/09/14 13:04, Salvatore Bonaccorso wrote:
> Source: loganalyzer
> Version: 3.6.5+dfsg-7
> Severity: important
> Tags: security upstream fixed-upstream
>
> Hi,
>
> the following vulnerability was published for loganalyzer. But I was
> not yet able to verify the vulnerability, but it is said to be fixed
> in 3.6.6 upstream.
>
> CVE-2014-6070[0]:
> Syslog LogAnalyzer persistent XSS injection
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2014-6070
> [1] http://seclists.org/fulldisclosure/2014/Sep/17
> [2] http://loganalyzer.adiscon.com/downloads/
>
> Regards,
> Salvatore
>
> _______________________________________________
> Pkg-monitoring-maintainers mailing list
> Pkg-monitoring-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-monitoring-maintainers
More information about the Pkg-monitoring-maintainers
mailing list