Descriptionwebcheckout in myrepos through 1.20171231 does not sanitize URLs that ...
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs840014

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
myrepos (PTS)stretch1.20160123vulnerable
buster, bullseye, sid1.20180726fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[stretch] - myrepos <no-dsa> (Minor issue)
[jessie] - myrepos <no-dsa> (Minor issue)
[wheezy] - mr <no-dsa> (Minor issue)
1.16 was made a source-based transitional package to myrepos not containg
in particular webcheckout anymore.;a=commitdiff;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8

Search for package or bug name: Reporting problems