[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request: BackupPC 3.2.1 fixes cross site
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-09-14 18:25:38
Message-ID: 1785682857.1261431.1316024738643.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
Please use CVE-2011-3361 for this.
Thanks.
--
JB
----- Original Message -----
> Hi,
>
> BackupPC 3.2.1 was released back in April and fixed an XSS problem:
>
> http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel
>
> This is upstream's patch:
>
> http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24
>
> The same code is present at least since BackupPC 3.1.0, which is the
> oldest version we support. It seems no CVE id has been issued to date.
> Can
> a CVE id please be assigned?
>
>
> thanks,
> Thijs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic