CVE-2010-2479

Name: CVE-2010-2479
Description: Cross-site scripting (XSS) vulnerability in HTML Purifier before ...
Source: CVE (at NVD; oss-sec, OSVDB, EDB, Red Hat, Ubuntu, Gentoo, SuSE, more)
References: DSA-2067-1
Debian Bugs: 593301
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| knowledgeroot (PTS) | squeeze, wheezy, sid | 0.9.9.5-6 | fixed |
| mahara (PTS) | squeeze, squeeze (security) | 1.2.6-2+squeeze6 | fixed |
| moodle (PTS) | squeeze (security) | 1.9.9.dfsg2-2.1+squeeze3 | fixed |
| | squeeze | 1.9.9.dfsg2-2.1+squeeze4 | fixed |
| | jessie, sid | 2.6.2-1 | fixed |
| php-htmlpurifier (PTS) | squeeze | 4.1.1+dfsg1-1 | fixed |
| | wheezy | 4.4.0+dfsg1-1 | fixed |
| | jessie, sid | 4.4.0+dfsg1-2 | fixed |

The information above is based on the following data on fixed versions.

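| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| knowledgeroot | source | (unstable) | 0.9.9.5-5 | | | |
| mahara | source | (unstable) | 1.2.5-1 | | | |
| mahara | source | lenny | 1.0.4-4+lenny6 | | DSA-2067-1 | |
| moodle | source | (unstable) | 1.9.9.dfsg2-1 | low | | 593301 |
| moodle | source | lenny | (not affected) | | | |
| php-htmlpurifier | source | (unstable) | 4.1.1+dfsg1-1 | | | |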

Notes

[lenny] - moodle <not-affected> (doesn't ship/use htmlpurifier)
[lenny] - knowledgeroot <no-dsa> (low)
