Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 14 May 2015 14:56:40 +0200
From: Martin Prpic <mprpic@...hat.com>
To: "OSS Security Mailinglist" <oss-security@...ts.openwall.com>
Subject: Cross-site scripting flaw in AskBot

Hi,

It was reported to us that certain versions of AskBot are vulnerable to
a cross-site scripting flaw. It is unclear which version fixed this flaw
and what the actual patch was.

Red Hat assigned CVE-2015-3169 to this flaw; Red Hat bug is filed at:

https://bugzilla.redhat.com/show_bug.cgi?id=1221616

If anyone wants to dig through https://github.com/ASKBOT/askbot-devel
and find the root cause and the patch, please post your findings here.

Thanks!

-- 
Martin Prpič / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.