List: oss-security
Subject: Re: [oss-security] Re: CVE request: LetoDMS, more issues
From: Raphael Geissert <geissert () debian ! org>
Date: 2012-10-31 23:30:28
Message-ID: 201210311730.28969.geissert () debian ! org
On Wednesday 31 October 2012 09:31:13 Kurt Seifried wrote:
> On 10/30/2012 01:28 PM, Raphael Geissert wrote:
> > On Friday 05 October 2012 23:11:36 Raphael Geissert wrote:
> >> Regression in the above patch (fixed after the release of
> >> 3.3.9):
> >> http://mydms.svn.sourceforge.net/viewvc/mydms/branches/letoDMS-3.3.x/out/out.UsrMgr.php?r1=982&r2=981&pathrev=982
>
> Does this regression cause a security issue (e.g. did accidentally
> putting htmlspecialchars() in actually cause a new XSS?).

I don't think so. The commit log says[1]:
"no need to escape with htmlspecialchars() because UI::contentSubHeading()
does it too."

[1] http://mydms.svn.sourceforge.net/viewvc/mydms?view=revision&revision=982

Thanks,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net