diff options
-rw-r--r-- | doc/security.mdwn | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn index 6488d7f9e..d5a0266cd 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -500,9 +500,9 @@ as version 3.20100815.9. An upgrade is recommended for all sites. ## XSS via openid selector -Raghav Bisht discovered this XSS in the openid selector. +Raghav Bisht discovered this XSS in the openid selector. ([[!cve CVE-2015-2793]]) The hole was reported on March 24th, a fix was developed on March 27th, -and the fixed version was released on the 29th. A fix was backported -to Debian wheezy as version 3.20141016.2. An upgrade is recommended for -sites using CGI and openid. +and the fixed version 3.20150329 was released on the 29th. A fix was backported +to Debian jessie as version 3.20141016.2 and to Debian wheezy as version +3.20120629.2. An upgrade is recommended for sites using CGI and openid. |