Mageia alert MGASA-2012-0232 (mono)

From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0232: mono-2.10.1-1.1.mga1 (1/core) 
Date:
    	       Thu, 23 Aug 2012 09:55:02 +0200
Message-ID:
    	       <20120823075502.GA2353@valstar.mageia.org>

MGASA-2012-0232
Date: 	August 23rd, 2012
Affected releases: 	1

Description:
Updated mono packages fix security vulnerability:

Cross-site scripting (XSS) vulnerability in the ProcessRequest function
in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8
and earlier allows remote attackers to inject arbitrary web script or HTML
via a file with a crafted name and a forbidden extension, which is not
properly handled in an error message (CVE-2012-3382).

Updated Packages:
mono-2.10.1-1.1.mga1
mono-doc-2.10.1-1.1.mga1
mono-data-2.10.1-1.1.mga1
mono-data-oracle-2.10.1-1.1.mga1
mono-data-postgresql-2.10.1-1.1.mga1
mono-data-sqlite-2.10.1-1.1.mga1
mono-extras-2.10.1-1.1.mga1
mono-ibm-data-db2-2.10.1-1.1.mga1
mono-locale-extras-2.10.1-1.1.mga1
mono-nunit-2.10.1-1.1.mga1
mono-wcf-2.10.1-1.1.mga1
mono-web-2.10.1-1.1.mga1
mono-winforms-2.10.1-1.1.mga1
mono-winfxcore-2.10.1-1.1.mga1
monodoc-core-2.10.1-1.1.mga1
lib(64)mono0-2.10.1-1.1.mga1
lib(64)mono2.0_1-2.10.1-1.1.mga1
lib(64)mono-devel-2.10.1-1.1.mga1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382
http://www.debian.org/security/2012/dsa-2512
https://bugs.mageia.org/show_bug.cgi?id=6789
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2012-0232: mono-2.10.1-1.1.mga1 (1/core)
Date:		Thu, 23 Aug 2012 09:55:02 +0200
Message-ID:		<20120823075502.GA2353@valstar.mageia.org>