oss-sec mailing list archives

CVE request: webcalendar before 1.2.7


From: Hanno Böck <hanno () hboeck de>
Date: Mon, 22 Jul 2013 11:21:25 +0200

Hello,

Can I please have three CVEs for webcalendar?

http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/

 - Security fix: Do not show the reason for a failed login (i.e. "no
   such user")
 - Security fix: Escape HTML characters in category name.
 - Security fix: Check all passed in fields (either via HTML form or via
   URL parameter) for certain malicious tags (script, embed, etc.) and
   generate fatal error if found.

I'm not sure if the first is really considered CVE-relevant.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
