oss-sec mailing list archives
Re: CVE Request: XSS in smokeping / start and end time fields not filtered
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 25 Jul 2013 02:47:28 -0600
On 07/20/2013 01:13 AM, Salvatore Bonaccorso wrote:
> Hi Kurt
>
> There is another XSS fix which was done after the 2.6.9 release for
> smokeping. In [1] Steven Chamberlain pointed out that in 2.6.9
> upstream the "start" and "end" time fields are still not filtered.
> Tobi Oetiker fixed this in a commit following the 2.6.9 release at
> [2]. But this version is not yet released.
>
> [1] http://bugs.debian.org/659899#67
> [2] https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563
>
> Does this also need a separate CVE, as a subsequent fix to the 2.6.9
> release?
>
> Regards,
> Salvatore

Please use CVE-2013-4168 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993