Date: Thu, 30 Aug 2012 22:32:59 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Thomas Biege <thomas@...e.de>
Subject: Re: CVE request: crowbar XSS

On 08/30/2012 06:15 AM, Thomas Biege wrote:
> 
> Hi,
> Matthias Weckbecker of SUSE Linux Products GmbH has found the following
> issue in crowbar:
> 
> http://crowbar.test.de:3000/utils?waiting=true&file=foo'%3B})%3B}alert(document.cookie)</script><!--
> 
> https://github.com/SUSE-Cloud/barclamp-crowbar/commit/90e905b7668a1cc884fb70040f96c7a0a287de48
> https://github.com/SUSE-Cloud/barclamp-crowbar/commit/a82ed926c6e3ba2b0cada213c35e4b00f34ea629
> 
> Cheers,
> Thomas

Please use CVE-2012-3551 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

