------------------------------------------------------------------------
Debian Security Advisory DSA-088-1                   security@debian.org 
Debian -- Security Information                          Wichert Akkerman
December  5, 2001
------------------------------------------------------------------------


Package        : fml
Problem type   : improper character escaping
Debian-specific: no

The fml (a mailing list package) as distributed in Debian GNU/Linux 2.2
suffers from a cross-site scripting problem. When generating index
pages for list archives the `<' ` and>' characters were not properly
escaped for subjects.

This has been fixed in version 3.0+beta.20000106-5, and we recommend
that you upgrade your fml package to that version. Upgrading will
automatically regenerate the index pages.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.


  Source archives:
      
      MD5 checksum: 67b5d072dd0da3846f95db595545ca97
      
      MD5 checksum: 99a9d695a1b45eb7ee865709551da6f2
     
 
      MD5 checksum: 35ed0841980a7de7d1d31d9f715fb50b

  Architecture independent archives:
     
 
      MD5 checksum: 022401cdfa939b628a10b6d8109a6c72


  These packages will be moved into the stable distribution on its next
  revision.

For not yet released architectures please refer to the appropriate
directory    .

--
----------------------------------------------------------------------------
apt-get: deb  Debian -- Security Information  stable/updates main
dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org




'