Accepted fex 20100208+debian1-1+squeeze4 (source all) into squeeze-lts
Format: 1.8
Date: Tue, 30 Sep 2014 19:00:33 +0200
Source: fex
Binary: fex fex-utils
Architecture: source all
Version: 20100208+debian1-1+squeeze4
Distribution: squeeze-lts
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 fex - web service for transferring very large files
 fex-utils - web service for transferring very large files (utils)
Changes:
 fex (20100208+debian1-1+squeeze4) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * [CVE-2014-3875]:
     When inserting encoded newline characters into a request to rup,
     additional HTTP headers can be injected into the reply, as well
     as new HTML code on the top of the website.
   * [CVE-2014-3876]:
     The parameter akey is reflected unfiltered as part of the HTML
     page. Some characters are forbidden in the GET parameter due
     to filtering of the URL, but this can be circumvented by using
     a POST parameter.
     Nevertheless, this issue is exploitable via the GET parameter
     alone, with some user interaction.
   * [CVE-2014-3877]:
     The parameter addto is reflected only slightly filtered back to
     the user as part of the HTML page. Some characters are forbidden
     in the GET parameter due to filtering of the URL, but this can
     be circumvented by using a POST parameter. Nevertheless, this
     issue is exploitable via the GET parameter alone, with some user
     interaction.
Files:
aafff9042aa358c5089f31ec09279f70 1241 web optional fex_20100208+debian1-1+squeeze4.dsc
cdfeb969153025a6df98e22a9dd61e23 256414 web optional fex_20100208+debian1.orig.tar.gz
906c49f87f8ea7558de5fb3bf887e603 10423 web optional fex_20100208+debian1-1+squeeze4.diff.gz
158bb95564a01b38701a906f5c48bed9 145978 web optional fex_20100208+debian1-1+squeeze4_all.deb
fd7c96aeab6cc575b64427e8fafd8225 27872 web optional fex-utils_20100208+debian1-1+squeeze4_all.deb
Archive: https://lists.debian.org/E1XZ1mL-0004sl-Of@franck.debian.org