oss-sec mailing list archives
Re: CVE request: XSS in viewvc
From: <cve-assign () mitre org>
Date: Wed, 8 Feb 2017 23:59:30 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad
Escape some raw path data before handing off to templates lib/viewvc.py (nav_path): Escape the 'name' property of navigation path components the same way we escape that of the 'root' path component.
Use CVE-2017-5938. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYm/M1AAoJEHb/MwWLVhi2ydkP/iZePnJAdB7POw86HhGs/KEl WyFuBzilrKz11Yn5hGFX/fDPld9Qlc5BKF8AyLeX5NjKonLyvNOSk8uHjUS0uzlh LR7Lzbo+V9+An+17PFbLu0P8BLbFtvMyPvbOloN6MrIJhavB8UAwIROamQONwlxA WtI+YjB0Y4DrRcxX7tx9G2hL6pMUhiLomDC8ZI9NcPHH1ycL6DypPXM7FhUKfayv JnYhR9owZAVBDq3U43D3kbsm7aKMPa6qJKCtXTGlplxXs+QtglQmg421u9NNRWHg Z887uIVuk0sjUZL0YwFGhwfLNy0IXKQr6mEkZU+topPmgWODt/Cqc4lMUS5c/uCj +ZmpqVQ5sEj26cnEh21FhyIvMSdt8Phht3CTbPkIjnL9ZwAZ6TWzQlsOPKMZANYK IJDNjVSgdumCc2HllO/7AqnDqKeXYmKC/nt8GCLRmtlX+8+ugCnkD5+NFx4C49Kx G2zDXt9jbmIITHLIyxmJwHKXOglwebANi9l6+K7tcOOzxQb6zAPdd0s1VxM43WMO V1FcOufegbkp+4Jd4clYhJTLFHutw0KQQx0BDyjHmodZrpMHy0Y5GKygCsxsvh77 oH53yMp3AZeHuMQS0kgzK2RQoEVW0U2+tqpQVglnJ2irHmjs9CSKKYRKGN8FqdKz pD5vwyqr7SXdOymWK+vu =LX6c -----END PGP SIGNATURE-----
Current thread:
- CVE request: XSS in viewvc Sébastien Delafond (Feb 08)
- Re: CVE request: XSS in viewvc cve-assign (Feb 08)