[Security] xapian-omega CVE-2009-2947

Bug #601160 reported by Brian Thomason
Affects: xapian-omega (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Brian Thomason

Bug Description

Binary package hint: xapian-omega

Fix cross-site scripting vulnerabilities in reporting of exceptions

Brian Thomason (brian-thomason) wrote :
Changed in xapian-omega (Ubuntu):
status: New → In Progress
assignee: nobody → Brian Thomason (brian-thomason)

Jamie Strandboge (jdstrand) wrote :

Subscribing ubuntu-security-sponsors as per https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue#Notes%20for%20Contributors. Brian, in the future please be sure to follow that process or your patch might get missed. Thanks for the patch!

visibility: private → public

Jamie Strandboge (jdstrand) wrote :

ACK.

Brian, thanks for the patch! When preparing a debdiff, please always give the origination of the patch either in the patch itself if the patch system supports comments (following DEP-3), or in the changelog. The origin is typically a VCS commit or a distribution. While I see that this came from Debian Lenny, I had to investigate that, which takes time and may stall your patch. I'm accepting since the patch comes from Debian for the same base version we have in Jaunty.

Jamie Strandboge (jdstrand) wrote :

Also, the changelog did not reference the CVE. I've adjusted that and am uploading so as not to further delay the update.

Changed in xapian-omega (Ubuntu):
status: In Progress → Fix Committed

Olly Betts (ojwb) wrote :

hardy and karmic are also affected - see LP587739.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xapian-omega - 1.0.7-3ubuntu1.1

---------------
xapian-omega (1.0.7-3ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: Fix cross-site scripting vulnerabilities (LP: #601160)
    - Fix cross-site scripting vulnerabilities in reporting of exceptions.
    - CVE-2009-2947

 -- Brian Thomason <email address hidden>  Fri, 02 Jul 2010 13:24:58 -0400

Changed in xapian-omega (Ubuntu):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
