Date: Tue, 21 Aug 2012 11:15:24 -0500
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- php-geshi / GeSHi (1.0.8.11): Remote directory traversal and information disclosure in the cssgen contrib module (plus possibly XSS, but it needs upstream to confirm)

Hi Jan, everyone,

[can't seem to follow-up via email, sorry for not CC'ing the others]

Jan Lieskovsky wrote:
>   Issue #B:
>   ---------
>   Then there is a report about a non-persistent XSS flaw that has been
>   fixed in the contrib module of the 1.0.8.11 version too:
>   [4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685323
> 
>   but I was unable to find the relevant upstream patch (and the above Debian
>   BTS entry doesn't contain further information either, which could be acted
>   upon).

The fix is:
http://geshi.svn.sourceforge.net/viewvc/geshi?view=revision&revision=2508

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

