CVE-2009-2937

Name: CVE-2009-2937
Description: Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 546178, 546179

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| planet-venus (PTS) | buster | 0~git9de2109-4.2 | fixed |

The information below is based on the following data on fixed versions.

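| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| planet | source | (unstable) | (unfixed) | low | | 546178 |
| planet-venus | source | lenny | 0~bzr95-2+lenny1 | | | |
| planet-venus | source | (unstable) | 0~bzr116-1 | low | | 546179 |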

Notes

[lenny] - planet <no-dsa> (Minor issue)
[etch] - planet <no-dsa> (Minor issue)
[etch] - planet-venus <no-dsa> (Minor issue)
