Date: Tue, 3 Jan 2012 20:55:19 +0100 From: Moritz Mühlenhoff <jmm@...til.org> To: oss-security@...ts.openwall.com Cc: Craig Barratt <cbarratt@...rs.sourceforge.net>, cve-assign@...re.org, security@...ntu.com Subject: Re: CVE Request: Security issue in backuppc On Thu, Oct 27, 2011 at 04:00:48PM -0500, Jamie Strandboge wrote: > Hi Craig, > > While preparing updates to fix CVE-2011-3361 in Ubuntu I discovered > another XSS vulnerability in View.pm when accessing the following URLs > in backuppc: > index.cgi?action=view&type=XferLOG&num=<XSS here>&host=<some host> > index.cgi?action=view&type=XferErr&num=<XSS here>&host=<some host> > > You are being emailed as the upstream contact. Please keep > oss-security@...ts.openwall.com CC'd for any updates on this issue. > > To oss-security, can I have a CVE for this? It is essentially the same > vulnerability and fix as for CVE-2011-3361, but in CGI/View.pm instead > of CGI/Browse.pm. Attached is a patch to fix this issue. Tested on > 3.0.0, 3.1.0, 3.2.0 and 3.2.1. *ping* This hasn't ended up in a CVE assignment. Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.