William Grant

**Name of the Vulnerable Software and Affected Versions** Loggerhead versions prior to 1.18.1 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view. This is due to a cross-site scripting (XSS) vulnerability in the `templatefunctions.py` file. **Recommendations** For versions prior to 1.18.1, update to version 1.18.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the revision view to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** dpkg versions prior to 1.14.29 **Description** A directory traversal issue exists in the dpkg-source component, allowing remote attackers to modify arbitrary files via a crafted Debian source archive. Multiple vulnerabilities in the dpkg-dev package may lead to disruption of integrity and availability of protected information, and exploitation can be done remotely. **Recommendations** For versions prior to 1.14.29, update to version 1.14.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the dpkg-source component until a patch is available. Avoid using crafted Debian source archives in the affected dpkg versions to minimize the risk of exploitation.