Ivan Shmakov discovered that the htmlscrubber component of ikiwiki, a wiki
compiler, performs insufficient input sanitization on data:image/svg+xml
URIs. As these can contain script code this can be used by an attacker
to conduct cross-site scripting attacks.
For the stable distribution (lenny), this problem has been fixed in
version 2.53.5.
For the testing distribution (squeeze), this problem has been fixed in
version 3.20100312.
For the unstable distribution (sid), this problem has been fixed in
version 3.20100312.