CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
70.5%
Gerfried Fuchs uploaded new packages for ejabberd which fixed the
following security problems:
CVE-2009-0934, Debian BTS #520852
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4
allows remote attackers to inject arbitrary web script or HTML via
unknown vectors related to links and MUC logs.
For the lenny-backports distribution the problems have been fixed in
version 2.0.5-1~bpo50+1.
For the squeeze and sid distributions the problems have been fixed in
version 2.0.5-1.
If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t etch-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:
Package: *
Pin: release a=etch-backports
Pin-Priority: 200
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 999 | hurd-i386 | ejabberd | < 2.0.5-1 | ejabberd_2.0.5-1_hurd-i386.deb |
Debian | 6 | mips | ejabberd | < 2.0.5-1 | ejabberd_2.0.5-1_mips.deb |
Debian | 5 | hppa | ejabberd | < 2.0.1-6+lenny1 | ejabberd_2.0.1-6+lenny1_hppa.deb |
Debian | 5 | sparc | ejabberd | < 2.0.1-6+lenny1 | ejabberd_2.0.1-6+lenny1_sparc.deb |
Debian | 999 | powerpc | ejabberd | < 2.0.5-1 | ejabberd_2.0.5-1_powerpc.deb |
Debian | 999 | all | ejabberd | < 2.0.5-1 | ejabberd_2.0.5-1_all.deb |
Debian | 999 | ia64 | ejabberd | < 2.0.5-1 | ejabberd_2.0.5-1_ia64.deb |
Debian | 999 | alpha | ejabberd | < 2.0.5-1 | ejabberd_2.0.5-1_alpha.deb |
Debian | 5 | ia64 | ejabberd | < 2.0.1-6+lenny1 | ejabberd_2.0.1-6+lenny1_ia64.deb |
Debian | 999 | i386 | ejabberd | < 2.0.5-1 | ejabberd_2.0.5-1_i386.deb |