Debian Security Advisory DSA 1882-1 (xapian-omega)

Summary
The remote host is missing an update to xapian-omega announced via advisory DSA 1882-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201882-1
Insight
It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website. For the oldstable distribution (etch), this problem has been fixed in version 0.9.9-1+etch1. For the stable distribution (lenny), this problem has been fixed in version 1.0.7-3+lenny1. For the testing (squeeze) and unstable (sid) distribution, this problem will be fixed soon. We recommend that you upgrade your xapian-omega packages.