CVE-2005-0085

Name	CVE-2005-0085
Description	Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-680-1
Debian Bugs	305996

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
htdig (PTS)	buster, bullseye	1:3.2.0b6-18	fixed
	bookworm	1:3.2.0b6-19	fixed
	trixie, sid	1:3.2.0b6-20	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
htdig	source	woody	3.1.6-3woody1		DSA-680-1
htdig	source	(unstable)	1:3.1.6-11			305996