DSA-1882-1 xapian-omega -- missing input sanitization
ID: oval:org.secpod.oval:def:600361 | Date: (C)2011-05-13 (M)2023-11-09 |
Class: PATCH | Family: unix |
It was discovered that xapian-omega, a CGI interface for searching xapian databases, does not properly escape user-supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries that result in an exception, and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website. For the oldstable distribution, this problem has been fixed in version 0.9.9-1+etch1. For the stable distribution, this problem has been fixed in version 1.0.7-3+lenny1. For the testing and unstable distributions, this problem will be fixed soon. We recommend that you upgrade your xapian-omega packages.
Platform: |
Debian 5.0 |
Debian 4.0 |