|
|
Subscribe / Log in / New account

Debian alert DLA-1750-1 (roundup)



From:
              "Chris Lamb" <lamby@debian.org> 


To:
              debian-lts-announce@lists.debian.org 


Subject:
              [SECURITY] [DLA 1750-1] roundup security update 


Date:
              Sun, 07 Apr 2019 08:33:23 -0400


Message-ID:
              <f512649e-0012-4f68-8be8-d238182d80cd@www.fastmail.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : roundup
Version        : 1.4.20-1.1+deb8u2
CVE ID         : CVE-2019-10904

Hanno Böck was discovered that there was a cross-site scripting
(XSS) vulnerability in the web front-end of the roundup issue-
tracking system.

For Debian 8 "Jessie", this issue has been fixed in roundup version
1.4.20-1.1+deb8u2.

We recommend that you upgrade your roundup packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlyp7ZMACgkQHpU+J9Qx
HlgZKxAAwwK/IUgern6W24g0vSS4cq8CYFo1529yxjypRQJSI5SBd0bUnXFO/M5U
ZU9usfMdEM/7jIVYKSj3Fm87PwBKwLxFWHNPMR9leRraooKNNpXUFupSvGllUAgd
1DHjjgjGTXCA8UPzV+1NYNEqxCJluJRpymYKxIY6afDWf7sS3QrC8mLGQWYnVUA+
JnstbhpnMapS+2IzcZe4j9w6xePrd7zehqOFZ9e1Tg77qdLYJoUBAMV/I7aJkRpA
8lAcJV8QVZcCpx+6IUP/iTjUTAalp78xA9+SbqXhT/jJOxLLQg1ycJ8BFfVFpHiY
Z55f3zlZtkV0o/Csd2fdfHWXIcYWtLaOmLjjpexKqUKd0M5vnYC6KsYhr4P8KlOD
jLPrDRj5hq5Sk46PZA+M6ISntO/SHiNJxmpMWpEPlVIuJO4fgeGnK7FQWiaMCVib
9qQdRl/GKjAblRrCDMSTRmGtV0dQT2WV2+ne7hO5uxATLPmTquYmQrFbEo/+xt3K
SRdS3/Ha7Qoh65s9RDF9M1duOW2L2cFS5l+mp0nzcv7Dpe/OX9sQxEgJOtOpFUq2
zSvQKMmT2i6SIF+69LaJY0Ldz6TW2FHA9Tt7tMUiYsTX3vD5LTA8eFnDLM1YUpsW
CPUNTpUAQHf3DhNhQIPvtkM5t7eetUIaz+xJjpX4whgTp0oLQmI=
=wM9T
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds