-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2008-32
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 09 Sep 2008
 Last revised: 09 Sep 2008

 Package: cgiwrap

 Summary: Cross-site scripting (XSS) vulnerability

 More information:
    CGIWrap is a gateway program that allows general users to use CGI scripts and HTML
    forms without compromising the security of the http server.

    Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an Internet Explorer
    based browser is used, allows remote attackers to inject arbitrary web script or HTML
    via unspecified vectors related to failure to set the charset in error messages. (CVE-2008-2852)

 Affected Products:
    - Turbolinux Appliance Server 3.0 x64 Edition
    - Turbolinux Appliance Server 3.0
    - Turbolinux Appliance Server 2.0
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition


 <Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   cgiwrap-3.9-7.src.rpm
       151699 79c1d07b1ac282610cbe355de7905a77
   turbolinux-tlas-3.0-20070411TL5.src.rpm
        17616 93a1a9f4e964466ed69fe367e5e998fd

   Binary Packages
   Size: MD5

   cgiwrap-3.9-7.x86_64.rpm
        47808 a5080fc36536e6fc001cae6077d169df
   turbolinux-tlas-capstone-3.0-20070411TL5.noarch.rpm
         9347 99c0f9a2869ae14a42b9460d9f49bf3e
   turbolinux-tlas-glue-3.0-20070411TL5.noarch.rpm
        11839 0e96979f89381839f1b26822d5c24498

 <Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   cgiwrap-3.9-7.src.rpm
       151699 79c1d07b1ac282610cbe355de7905a77

   Binary Packages
   Size: MD5

   cgiwrap-3.9-7.i686.rpm
        46143 076009f67e6012ab091302a166527c2f

 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   cgiwrap-3.9-7.src.rpm
       151699 8c822157ed2e8ad3e7bd4354a4339be8

   Binary Packages
   Size: MD5

   cgiwrap-3.9-7.i586.rpm
        44974 c8c4d6a447686ab76c9013340792ad9f

 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   cgiwrap-3.9-7.src.rpm
       151699 2d33dbd84c783f7344ca93e79a16b8bd

   Binary Packages
   Size: MD5

   cgiwrap-3.9-7.i586.rpm
        41607 6630501a5ed74a990f8cb2b78b6c89e7


 References:

 CVE
   [CVE-2008-2852]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2852

 --------------------------------------------------------------------------
 Revision History
    09 Sep 2008 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2008 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjGUHgACgkQK0LzjOqIJMxpPQCfQOp74WQrW1xnkMIEUzWU01sK
me4AoLJl58Pfa78jQplSHl5PIlnay+Sp
=AfZ1
-----END PGP SIGNATURE-----