Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 Jan 2012 20:55:19 +0100
From: Moritz Mühlenhoff <>
Cc: Craig Barratt <>,,
Subject: Re: CVE Request: Security issue in backuppc

On Thu, Oct 27, 2011 at 04:00:48PM -0500, Jamie Strandboge wrote:
> Hi Craig,
> While preparing updates to fix CVE-2011-3361 in Ubuntu I discovered
> another XSS vulnerability in when accessing the following URLs
> in backuppc:
> index.cgi?action=view&type=XferLOG&num=<XSS here>&host=<some host>
> index.cgi?action=view&type=XferErr&num=<XSS here>&host=<some host>
> You are being emailed as the upstream contact. Please keep
>[1] CC'd for any updates on this issue.
> To oss-security, can I have a CVE for this? It is essentially the same
> vulnerability and fix as for CVE-2011-3361, but in CGI/ instead
> of CGI/ Attached is a patch to fix this issue. Tested on
> 3.0.0, 3.1.0, 3.2.0 and 3.2.1.


This hasn't ended up in a CVE assignment.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ