A vulnerability has been reported in Namazu, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Input passed in certain character encodings (e.g. UTF-7) to
namazu.cgi is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
The vulnerability is reported in versions prior to 2.0.18.
Update to version 2.0.18.
PROVIDED AND/OR DISCOVERED BY:
Reported via JVN.
2.0.18 in cvs.
Arches, please test and mark stable:
Target keywords : "ppc64 release x86"
Fixed in release snapshot.
I vote NO.
Voting NO too and closing.