Debian-LTS alert DLA-167-1 (redcloth)
From: Thorsten Alteholz <debian@alteholz.de>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 167-1] redcloth security update
Date: Sat, 7 Mar 2015 19:06:40 +0100 (CET)
Message-ID: <alpine.DEB.2.02.1503071905460.8491@jupiter.server.alteholz.net>

Package        : redcloth
Version        : 4.2.2-1.1+deb6u1
CVE ID         : CVE-2012-6684
Debian Bug     : 774748

Kousuke Ebihara discovered that redcloth, a Ruby module used to convert
Textile markup to HTML, did not properly sanitize its input. This allowed a
remote attacker to perform a cross-site scripting attack by injecting
arbitrary JavaScript code into the generated HTML.