From oss-security  Sun Jun 22 17:21:47 2014
From: cve-assign () mitre ! org
Date: Sun, 22 Jun 2014 17:21:47 +0000
To: oss-security
Subject: [oss-security] Re: XSS vulnerability in apt-cacher-ng
Message-Id: <201406221721.s5MHLlgt003958 () linus ! mitre ! org>
X-MARC-Message: https://marc.info/?l=oss-security&m=140345782119504

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The way for the attacker to exploit this is to redirect the user's
> browser in a LAN to apt-cacher-ng server (which address the attacker
> has to know) with a manipulated URL.
> 
> http://anonscm.debian.org/gitweb/?p=apt-cacher-ng/apt-cacher-ng.git;a=commit;h=6f08e6a3995d1bed4e837889a3945b6dc650f6ad

Use CVE-2014-4510.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTpw+eAAoJEKllVAevmvmsjOkH/3W6Xz5VCheMUY3wbJ42/aMj
UNNNvjJc6UnFCs9svZgBQJjWeqH4YM3T0jhayFunJOm46nasrBGKkANl8Jk4RJl2
hM5UMl4nyKXJGR5IbNsSdzZ5lCa463juGzezU04N+qlthMnXFw1RJny0ezucYSPX
JIdx+vCdMAfSCaejLDiE/Gk8nv3QTYbfgOjUPtyOlnppZlRlGJX7jRao49T+zx1V
somdQ93TNr8N3yLmsD4ivNSeYoiaRrKQ0JnKGvM+hjIlFY2pP4fsA2cYyhj7F25/
UpABIlHveN8go0RlaIa7dzFXQjUrUZlVeuBVjPlpQl0A4OQxIqHLuyRNMYYHdhk=
=2TqM
-----END PGP SIGNATURE-----