oss-sec mailing list archives
Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs
From: Alex Legler <a3li () gentoo org>
Date: Mon, 7 Sep 2009 11:41:33 +0200
On Mon, 7 Sep 2009 10:52:34 +0200, Thomas Biege <thomas () suse de> wrote:
Hello, I do not have any further details, just this changelog entries:
The two commit messages have more or less detailed information:
* security fix: validate the 'view' parameter to avoid XSS attack
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2214
* security fix: avoid printing illegal parameter names and values
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2219 Alex
Attachment:
signature.asc
Description:
Current thread:
- viewvc: CVE request: XSS and illegal characters while printing name-value pairs Thomas Biege (Sep 07)
- Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs Alex Legler (Sep 07)