Nom du paquet
backuppc
Date
2013-04-08
Advisory ID
MDVSA-2013:062
Affected versions
MBS1 x86_64

Problem description

Updated backuppc packages fix security vulnerabilities:

Cross-site scripting (XSS) vulnerability in RestoreFile.pm in
BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows
remote attackers to inject arbitrary web script or HTML via the share
parameter in a RestoreFile action to index.cgi (CVE-2011-5081).

Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0,
3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to
inject arbitrary web script or HTML via the num parameter in a view
action to index.cgi, related to the log file viewer (CVE-2011-4923).

Also, This update package corrects/improves the definition of
variables in config.pl, the configuration file of backuppc: the
variables SshPath, SmbClientPath, NmbLookupPath, TarClientPath,
TopDir. As a result, backuppc should now run with the default values
installed by the Mageia package, modifications of config.pl should
only be required for defining site-specific settings.

Updated packages

MBS1 x86_64

 b866644e5eca7a42d47382901dd1011c  mbs1/x86_64/backuppc-3.2.1-6.1.mbs1.x86_64.rpm 
 cd70dfcacb731ca54f49053734033d88  mbs1/SRPMS/backuppc-3.2.1-6.1.mbs1.src.rpm

References