Oval Definition:oval:org.mitre.oval:def:13304
Revision Date:2014-06-23Version:5
Title:DSA-1774-1 ejabberd -- insufficient input sanitising
Description:It was discovered that ejabberd, a distributed, fault-tolerant Jabber/XMPP server, does not sufficiently sanitise MUC logs, allowing remote attackers to perform cross-site scripting attacks. For the stable distribution, this problem has been fixed in version 2.0.1-6+lenny1. The oldstable distribution is not affected by this issue. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.0.5-1. We recommend that you upgrade your ejabberd packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-0934
DSA-1774-1
Platform(s):Debian GNU/Linux 5.0
Product(s):ejabberd
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND jabberd DPKG is earlier than 2.0.1-6+lenny1
  • BACK