Date: Mon, 14 Apr 2014 13:34:50 +1000 From: Murray McAllister <mmcallis@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: cross-site scripting issue fixed in CUPS 1.7.2 Hi, As reported in <https://bugs.mageia.org/show_bug.cgi?id=13196>, the CUPS 1.7.2 release (<http://www.cups.org/blog.php?L717>) fixes a cross-site scripting issue: http://www.cups.org/str.php?L4356 http://www.cups.org/strfiles.php/3268/str4356.patch It may only affect certain configurations - I was not able to reproduce the issue on Fedora 19 and 20. Also, the patch may not be sufficient to cover all different encodings, other special characters of interest etc. Can a CVE please be assigned if one has not been already? Thanks, -- Murray McAllister / Red Hat Security Response Team https://bugzilla.redhat.com/show_bug.cgi?id=1087122
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.