CVE-2008-1168 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1168): Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
pva, sorry but we need to bump again.
Heh, this was not announced in sarg mailing list. Thank you Robert. sarg-2.2.5.ebuild is in the tree.
Arches, please test and mark stable: =net-analyzer/sarg-2.2.5 Target keywords : "amd64 ppc release x86"
ppc stable
x86 stable
amd64 stable
Fixed in release snapshot.
glsa request already filed with bug #212208
GLSA 200803-21 with bug 212208, thanks to everybody