oss-sec mailing list archives
Re: CVE Request -- php-geshi / GeSHi (1.0.8.11): Remote directory traversal and information disclosure in the cssgen contrib module (plus possibly XSS, but it needs upstream to confirm)
From: Raphael Geissert <geissert () debian org>
Date: Tue, 21 Aug 2012 11:15:24 -0500
Hi Jan, everyone,

[can't seem to follow-up via email, sorry for not CC'ing the others]

Jan Lieskovsky wrote:
> Issue #B:
> ---------
> Then there is a report about a non-persistent XSS flaw that has been
> fixed in the contrib module of the 1.0.8.11 version too:
> [4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685323
>
> but I was unable to find the relevant upstream patch (and the above
> Debian BTS entry doesn't contain further information either, which
> could be acted upon).

The fix is:
http://geshi.svn.sourceforge.net/viewvc/geshi?view=revision&revision=2508

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net