+++ This bug was initially created as a clone of Bug #284874 +++ CVE-2008-7220 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7220): Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors. Mediatomb ships prototype 1.5.1.1 in web/js/
I'm tempted to mask and remove…
This has been fixed by upstream in SVN r2036[1] and will be part of MediaTomb 0.12.0 which is scheduled for January 2010 release. [1] http://mediatomb.svn.sourceforge.net/viewvc/mediatomb?view=rev&revision=2036
This is fixed in bug #264235.
(In reply to comment #3) > This is fixed in bug #264235. > Thanks. 0.12.0 is in the tree but I would like to wait some time for a security stabilization to see if any new bugs arise.
net-misc/mediatomb-0.12.1 is ok to stable. Thanks.
x86 stable
amd64 stable, all arches done.
removing myself to clean up bug queue
Closing noglsa because of the low severity of this issue.