Gentoo Bug 202750 - net-analyzer/base < 1.3.9 base_qry_main.php XSS (CVE-2007-6156)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	202750
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 202750 depends on:			Show dependency tree
Bug 202750 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2007-12-19 04:43 0000

CVE-2007-6156 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6156):
  Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in
  Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers
  to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1]
  parameters.

------- Comment #1 From Robert Buchholz 2007-12-19 04:48:39 0000 -------

Netmon, please bump.

------- Comment #2 From Robert Buchholz 2008-01-08 02:46:11 0000 -------

netmon, ping.

------- Comment #3 From Sune Kloppenborg Jeppesen 2008-02-26 20:57:22 0000 -------

netmon please advise.

------- Comment #4 From Pierre-Yves Rofes 2008-05-11 14:41:03 0000 -------

rbu (or someone else with commit access), please bump so we can close this
one...

------- Comment #5 From Pierre-Yves Rofes 2008-07-06 21:06:56 0000 -------

(In reply to comment #4)
> rbu (or someone else with commit access), please bump so we can close this
> one...
> 

*ping*, it's been half a year now...

------- Comment #6 From Robert Buchholz 2008-07-06 21:40:48 0000 -------

*** Bug 229965 has been marked as a duplicate of this bug. ***

------- Comment #7 From Robert Buchholz 2008-07-06 22:09:56 0000 -------

+  06 Jul 2008; Robert Buchholz <rbu@gentoo.org> -base-1.3.6.ebuild,
+  -base-1.3.8.ebuild, +base-1.4.0.ebuild:
+  Version bump, Fixes: XSS Security bug #202750 and undefined function
+  base_header() #201643

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 202750

net-analyzer/base < 1.3.9 base_qry_main.php XSS (CVE-2007-6156)

Last modified: 2008-07-06 22:09:56 0000