Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 22 Jun 2014 13:21:47 -0400 (EDT)
From: cve-assign@...re.org
To: corsac@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com,
        team@...urity.debian.org, edi@....de
Subject: Re: XSS vulnerability in apt-cacher-ng

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The way for the attacker to exploit this is to redirect the user's
> browser in a LAN to apt-cacher-ng server (which address the attacker
> has to know) with a manipulated URL.
> 
> http://anonscm.debian.org/gitweb/?p=apt-cacher-ng/apt-cacher-ng.git;a=commit;h=6f08e6a3995d1bed4e837889a3945b6dc650f6ad

Use CVE-2014-4510.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTpw+eAAoJEKllVAevmvmsjOkH/3W6Xz5VCheMUY3wbJ42/aMj
UNNNvjJc6UnFCs9svZgBQJjWeqH4YM3T0jhayFunJOm46nasrBGKkANl8Jk4RJl2
hM5UMl4nyKXJGR5IbNsSdzZ5lCa463juGzezU04N+qlthMnXFw1RJny0ezucYSPX
JIdx+vCdMAfSCaejLDiE/Gk8nv3QTYbfgOjUPtyOlnppZlRlGJX7jRao49T+zx1V
somdQ93TNr8N3yLmsD4ivNSeYoiaRrKQ0JnKGvM+hjIlFY2pP4fsA2cYyhj7F25/
UpABIlHveN8go0RlaIa7dzFXQjUrUZlVeuBVjPlpQl0A4OQxIqHLuyRNMYYHdhk=
=2TqM
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ