Debian Security Advisory DSA 2009-1 (tdiary)

Summary
The remote host is missing an update to tdiary announced via advisory DSA 2009-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202009-1
Insight
It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insuficient input sanitising in the TrackBack transmission plugin. For the stable distribution (lenny), this problem has been fixed in version 2.2.1-1+lenny1. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 2.2.1-1.1. We recommend that you upgrade your tdiary packages.