Date: Tue, 3 Jan 2012 20:55:19 +0100
From: Moritz Mühlenhoff <jmm@...til.org>
To: oss-security@...ts.openwall.com
Cc: Craig Barratt <cbarratt@...rs.sourceforge.net>, cve-assign@...re.org, security@...ntu.com
Subject: Re: CVE Request: Security issue in backuppc

On Thu, Oct 27, 2011 at 04:00:48PM -0500, Jamie Strandboge wrote:
> Hi Craig,
>
> While preparing updates to fix CVE-2011-3361 in Ubuntu I discovered
> another XSS vulnerability in View.pm when accessing the following URLs
> in backuppc:
> index.cgi?action=view&type=XferLOG&num=<XSS here>&host=<some host>
> index.cgi?action=view&type=XferErr&num=<XSS here>&host=<some host>
>
> You are being emailed as the upstream contact. Please keep
> oss-security@...ts.openwall.com CC'd for any updates on this issue.
>
> To oss-security, can I have a CVE for this? It is essentially the same
> vulnerability and fix as for CVE-2011-3361, but in CGI/View.pm instead
> of CGI/Browse.pm. Attached is a patch to fix this issue. Tested on
> 3.0.0, 3.1.0, 3.2.0 and 3.2.1.

*ping*

This hasn't ended up in a CVE assignment.

Cheers,
Moritz