oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: XSS in viewvc

From: <cve-assign () mitre org>
Date: Wed, 8 Feb 2017 23:59:30 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad



Escape some raw path data before handing off to templates
  lib/viewvc.py
  (nav_path): Escape the 'name' property of navigation path components
   the same way we escape that of the 'root' path component.


Use CVE-2017-5938.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYm/M1AAoJEHb/MwWLVhi2ydkP/iZePnJAdB7POw86HhGs/KEl
WyFuBzilrKz11Yn5hGFX/fDPld9Qlc5BKF8AyLeX5NjKonLyvNOSk8uHjUS0uzlh
LR7Lzbo+V9+An+17PFbLu0P8BLbFtvMyPvbOloN6MrIJhavB8UAwIROamQONwlxA
WtI+YjB0Y4DrRcxX7tx9G2hL6pMUhiLomDC8ZI9NcPHH1ycL6DypPXM7FhUKfayv
JnYhR9owZAVBDq3U43D3kbsm7aKMPa6qJKCtXTGlplxXs+QtglQmg421u9NNRWHg
Z887uIVuk0sjUZL0YwFGhwfLNy0IXKQr6mEkZU+topPmgWODt/Cqc4lMUS5c/uCj
+ZmpqVQ5sEj26cnEh21FhyIvMSdt8Phht3CTbPkIjnL9ZwAZ6TWzQlsOPKMZANYK
IJDNjVSgdumCc2HllO/7AqnDqKeXYmKC/nt8GCLRmtlX+8+ugCnkD5+NFx4C49Kx
G2zDXt9jbmIITHLIyxmJwHKXOglwebANi9l6+K7tcOOzxQb6zAPdd0s1VxM43WMO
V1FcOufegbkp+4Jd4clYhJTLFHutw0KQQx0BDyjHmodZrpMHy0Y5GKygCsxsvh77
oH53yMp3AZeHuMQS0kgzK2RQoEVW0U2+tqpQVglnJ2irHmjs9CSKKYRKGN8FqdKz
pD5vwyqr7SXdOymWK+vu
=LX6c
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: