First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 193960
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Pierre-Yves Rofes <py@gentoo.org>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 193960 depends on: Show dependency tree
Bug 193960 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-09-27 09:02 0000 
Enrico Milanese has reported a vulnerability in eGroupWare, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "cat_data[color]" parameter in
preferences/inc/class.uicategories.inc.php and
admin/inc/class.uicategories.inc.php is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 1.4.001. Other versions may also be
affected.

Solution:
Fixed in the SVN repository.

Provided and/or discovered by:
Enrico Milanese

Original Advisory:
http://www.egroupware.org/viewvc?view=rev&revision=24443

------- Comment #1 From Pierre-Yves Rofes 2007-09-27 09:04:05 0000 ------- 
web-apps please advise.

------- Comment #2 From Robert Buchholz 2007-09-27 21:19:53 0000 ------- 
This is CVE-2007-5091.

------- Comment #3 From Gunnar Wrobel 2007-09-29 15:19:39 0000 ------- 
Version 1.4.002 is in the tree and should be marked stable on the following
arches:

alpha amd64 hppa ppc x86

------- Comment #4 From Pierre-Yves Rofes 2007-09-29 15:26:20 0000 ------- 
(In reply to comment #3)
> Version 1.4.002 is in the tree and should be marked stable on the following
> arches:
> 
> alpha amd64 hppa ppc x86
> 

Thanks gunnar.

------- Comment #5 From Pierre-Yves Rofes 2007-09-29 15:27:22 0000 ------- 
oops, seems some arches weren't added.

------- Comment #6 From Jeroen Roovers 2007-09-29 16:08:45 0000 ------- 
Er, so that's =www-apps/egroupware-1.4.002 then.

------- Comment #7 From Jeroen Roovers 2007-09-29 17:23:51 0000 ------- 
Stable for HPPA.

------- Comment #8 From Markus Meier 2007-09-30 15:15:17 0000 ------- 
x86 stable

------- Comment #9 From Tobias Scherbaum 2007-09-30 19:58:31 0000 ------- 
ppc stable

------- Comment #10 From Raúl Porcel 2007-10-01 13:22:16 0000 ------- 
alpha stable

------- Comment #11 From Angelo Arrifano 2007-10-05 00:52:23 0000 ------- 
www-apps/egroupware-1.4.002  USE="gd mysql vhosts -jpgraph -ldap -postgres"

- Emerges on AMD64.
- I didn't have resources to test all the functionality. Although the setup
wizard ran well.

------- Comment #12 From Mike Doty 2007-10-11 07:20:33 0000 ------- 
amd64 stable, thanks mixnix

------- Comment #13 From Pierre-Yves Rofes 2007-10-11 07:26:50 0000 ------- 
time for glsa decision. I vote NO.

------- Comment #14 From Gunnar Wrobel 2007-10-11 09:13:53 0000 ------- 
Removed insecure version. webapps done here.

------- Comment #15 From Matt Drew 2007-10-11 21:28:44 0000 ------- 
XSS, I vote no.

------- Comment #16 From Pierre-Yves Rofes 2007-10-11 21:31:48 0000 ------- 
closing without glsa.
First Last Prev Next    No search results available      Search page      Enter new bug