4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
67.1%
Gerfried Fuchs uploaded new packages for ejabberd which fixed the
following security problems:
CVE-2009-0934, Debian BTS #520852
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4
allows remote attackers to inject arbitrary web script or HTML via
unknown vectors related to links and MUC logs.
For the lenny-backports distribution the problems have been fixed in
version 2.0.5-1~bpo50+1.
For the squeeze and sid distributions the problems have been fixed in
version 2.0.5-1.
If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t etch-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:
Package: *
Pin: release a=etch-backports
Pin-Priority: 200
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | ejabberd | < 2.0.5-1 | ejabberd_2.0.5-1_all.deb |