Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 14 May 2015 14:56:40 +0200
From: Martin Prpic <mprpic@...hat.com>
To: "OSS Security Mailinglist" <oss-security@...ts.openwall.com>
Subject: Cross-site scripting flaw in AskBot

Hi,

It was reported to us that certain versions of AskBot are vulnerable to
a cross-site scripting flaw. It is unclear which version fixed this flaw
and what the actual patch was.

Red Hat assigned CVE-2015-3169 to this flaw; Red Hat bug is filed at:

https://bugzilla.redhat.com/show_bug.cgi?id=1221616

If anyone wants to dig through https://github.com/ASKBOT/askbot-devel
and find the root cause and the patch, please post your findings here.

Thanks!

-- 
Martin Prpič / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ