Home / mailings [SECURITY] [DSA 2263-2] movabletype-opensource security update
Posted on 30 December 2011
Debian Security Advisory-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2263-2 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
December 30, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : movabletype-opensource
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : not yet available
Debian Bug : 627936
Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny'
suite at that time. This update adds that package. The original advisory
text follows.
It was discovered that Movable Type, a weblog publishing system,
contains several security vulnerabilities:
A remote attacker could execute arbitrary code in a logged-in users'
web browser.
A remote attacker could read or modify the contents in the system
under certain circumstances.
For the oldstable distribution (lenny), these problems have been fixed in
version 4.2.3-1+lenny3.
For the stable distribution (squeeze), these problems have been fixed in
version 4.3.5+dfsg-2+squeeze2.
For the testing distribution (wheezy) and for the unstable
distribution (sid), these problems have been fixed in version
4.3.6.1+dfsg-1.
We recommend that you upgrade your movabletype-opensource packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
