Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator
(Sarg) 188.8.131.52 allows remote attackers to inject arbitrary web script or HTML
via the User-Agent header, which is not properly handled when displaying the
Squid proxy log. NOTE: the provenance of this information is unknown; the
details are obtained solely from third party information.
pva, sorry but we need to bump again.
Heh, this was not announced in sarg mailing list. Thank you Robert. sarg-2.2.5.ebuild is in the tree.
Arches, please test and mark stable:
Target keywords : "amd64 ppc release x86"
Fixed in release snapshot.
glsa request already filed with bug #212208
GLSA 200803-21 with bug 212208, thanks to everybody