[Pkg-monitoring-maintainers] Bug#760372: Bug#760372: loganalyzer: CVE-2014-6070

Rainer Gerhards rgerhards at hq.adiscon.com
Wed Sep 3 11:15:38 UTC 2014


Andre just went on vacation, but to the best of my knowledge he worked with
the reporter and has released a new version to address this issue.

Rainer


On Wed, Sep 3, 2014 at 1:11 PM, Daniel Pocock <daniel at pocock.pro> wrote:

>
>
> Hi Rainer, Andre,
>
> Could you please comment on this security report?
>
> Is the current Debian package affected?
>
> Regards,
>
> Daniel
>
>
> On 03/09/14 13:04, Salvatore Bonaccorso wrote:
> > Source: loganalyzer
> > Version: 3.6.5+dfsg-7
> > Severity: important
> > Tags: security upstream fixed-upstream
> >
> > Hi,
> >
> > the following vulnerability was published for loganalyzer. I was
> > not yet able to verify the vulnerability, but it is said to be fixed
> > in 3.6.6 upstream.
> >
> > CVE-2014-6070[0]:
> > Syslog LogAnalyzer persistent XSS injection
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2014-6070
> > [1] http://seclists.org/fulldisclosure/2014/Sep/17
> > [2] http://loganalyzer.adiscon.com/downloads/
> >
> > Regards,
> > Salvatore