Debian: 'fml' cross-site scripting vulnerability
Posted by Team   
Debian The fml (a mailing list package) as distributed in Debian GNU/Linux 2.2suffers from a cross-site scripting problem.

Debian Security Advisory DSA-088-1                                  Wichert Akkerman
December  5, 2001

Package        : fml
Problem type   : improper character escaping
Debian-specific: no

The fml (a mailing list package) as distributed in Debian GNU/Linux 2.2
suffers from a cross-site scripting problem. When generating index
pages for list archives the `<' and `>' characters were not properly
escaped for subjects.

This has been fixed in version 3.0+beta.20000106-5, and we recommend
that you upgrade your fml package to that version. Upgrading will
automatically regenerate the index pages.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.2 alias potato

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:
      MD5 checksum: 67b5d072dd0da3846f95db595545ca97
      MD5 checksum: 99a9d695a1b45eb7ee865709551da6f2
      MD5 checksum: 35ed0841980a7de7d1d31d9f715fb50b

  Architecture independent archives:
      MD5 checksum: 022401cdfa939b628a10b6d8109a6c72

  These packages will be moved into the stable distribution on its next

For not yet released architectures please refer to the appropriate
directory$arch/ .

apt-get: deb stable/updates main
dpkg-ftp: dists/stable/updates/main
Mailing list: