BSA-062 fex

1 parent b848902 commit 52249abccb084a7a8873221e2235ed7746433a58 @rhonda rhonda committed Mar 16, 2012
Showing with 18 additions and 0 deletions.
  1. +18 −0 news/BSA-062_Security_update_for_fex.mdwn
@@ -0,0 +1,18 @@
+[[!meta date="2012-02-26 15:00:26 UTC"]]
+ Kilian Krause uploaded new packages for fex which fixed the
+ following security problems:
+
+ CVE-2012-0869, CVE-2012-1293 (see also DSA 2414-1 and 2412-2)
+
+ Nicola Fioravanti discovered that F*EX, a web service for transferring
+ very large files, is not properly sanitizing input parameters of the "fup"
+ script. An attacker can use this flaw to conduct reflected cross-site
+ scripting attacks via various script parameters.
+
+ For the squeeze-backports distribution the problems have been fixed in
+ version 20120215-3~bpo60+1.
+
+ The Debian stable and unstable distribution are already fixed, testing (wheezy)
+ will receive this update in the next days.
+
+ We recommend that you upgrade your fex packages.
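
Review bot: The reference "(see also DSA 2414-1 and 2412-2)" on the CVE line mixes two advisory numbers; a -2 revision normally follows the -1 of the same DSA, so please confirm whether 2412-2 should read 2414-2 before this is published. The text also announces "the following security problems" and lists two CVEs but describes only one flaw (reflected cross-site scripting in the "fup" script), so it would help to say what each CVE covers. Minor: "distribution are" should be "distributions are", "in the next days" is vague, and the fixed versions for stable and unstable could be stated alongside the 20120215-3~bpo60+1 backport version so readers can verify what they have installed.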
