---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Debian update for jffnms SECUNIA ADVISORY ID: SA26769 VERIFY ADVISORY: http://secunia.com/advisories/26769/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data, Exposure of sensitive information WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 4.0 http://secunia.com/product/13844/ Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ DESCRIPTION: Debian has issued an update for jffnms. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information or conduct cross-site scripting and SQL injection attacks. For more information: SA25587 SOLUTION: Apply updated packages. -- Debian GNU/Linux 4.0 alias etch -- Source archives: http://security.debian.org/pool/updates/main/j/jffnms/jffnms_0.8.3dfsg.1.orig.tar.gz Size/MD5 checksum: 547656 6be7ef656cf0eea1d133a0bc71a4bba2 http://security.debian.org/pool/updates/main/j/jffnms/jffnms_0.8.3dfsg.1-2.1etch1.dsc Size/MD5 checksum: 609 7a46a6cdefe38535235aa87dd8e6279c http://security.debian.org/pool/updates/main/j/jffnms/jffnms_0.8.3dfsg.1-2.1etch1.diff.gz Size/MD5 checksum: 76283 cf3fd349e3012b93a4d20711730b26f6 Architecture independent packages: http://security.debian.org/pool/updates/main/j/jffnms/jffnms_0.8.3dfsg.1-2.1etch1_all.deb Size/MD5 checksum: 550292 94ec8551e3eaa20ae277a5aab47043ee -- Debian GNU/Linux unstable alias sid -- Fixed in version 0.8.3dfsg.1-4. ORIGINAL ADVISORY: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00140.html OTHER REFERENCES: SA25587: http://secunia.com/advisories/25587/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------