[BSA-062] Security Update for fex

Kilian Krause uploaded new packages for fex which fixed the
following security problems:

CVE-2012-0869, CVE-2012-1293 (see also DSA 2414-1 and 2412-2)

Nicola Fioravanti discovered that F*EX, a web service for transferring
very large files, is not properly sanitizing input parameters of the "fup"
script. An attacker can use this flaw to conduct reflected cross-site
scripting attacks via various script parameters.

For the squeeze-backports distribution the problems have been fixed in
version 20120215-3~bpo60+1.

The Debian stable and unstable distribution are already fixed, testing (wheezy)
will receive this update in the next days.

We recommend that you upgrade your fex packages.

–
Best regards,
Kilian
Attachment:
signature.asc
Description: Digital signature