Date: Tue, 6 Mar 2012 13:40:48 -0700 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: smokeping XSS * [2012-02-27 20:26:05 +0100] Florian Weimer wrote: >* Vincent Danen: > >> https://bugzilla.redhat.com/show_bug.cgi?id=783584 > >Is the patch > >https://bugzilla.redhat.com/attachment.cgi?id=556619 > >really correct? It does not strip the two magic characters "= >(" should be enough, = is just defensive), so it's probably still >possible to inject an onmouseover handler and CSS which enlarges the >affected HTML element so that the handler is practically guaranteed to >fire. > >I've just looked at the patch, I haven't got a (patched or unpatched) >smokeping instance to test this. Sorry, slowly catching up on mails here. Whether that is right or wrong, I'm not 100% sure; you'd have to ask upstream. I just did the diff since I couldn't find a svn/git repo web interface to generate a patch, so if it's wrong, then upstream has got it wrong as well. I see that Fedora has used a patch (not sure if it's the same or not), so if I get a chance in the next few days I'll try the new version to try to validate the fix. -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ