Bug 203085 - sys-cluster/ganglia < 3.0.6 Multiple cross-site scripting issues (CVE-2007-6465)
Summary: sys-cluster/ganglia < 3.0.6 Multiple cross-site scripting issues (CVE-2007-6465)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://sourceforge.net/project/showno...
Whiteboard: B4 [noglsa]
Keywords:
Depends on: 172206
Blocks:
Reported: 2007-12-22 21:34 UTC by Robert Buchholz (RETIRED)
Modified: 2008-01-05 18:12 UTC

Description Robert Buchholz (RETIRED) gentoo-dev 2007-12-22 21:34:23 UTC
CVE-2007-6465 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6465):
  Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia
  before 3.0.6 allow remote attackers to inject arbitrary web script or HTML
  via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G,
  (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b)
  web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17)
  cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and
  (26) gs parameters to (c) web/get_context.php.  NOTE: some of these details
  are obtained from third party information.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-12-22 21:36:54 UTC
HP-Cluster herd, please advise.

Bug 172206 contains updated ebuilds.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-01-05 00:18:56 UTC
ping.
Comment 3 Justin Bronder (RETIRED) gentoo-dev 2008-01-05 01:36:34 UTC
ganglia-3.0.6 added to cvs.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-01-05 02:14:10 UTC
Thanks a lot.

Arches, please test and mark stable sys-cluster/ganglia-3.0.6.
Target keywords : "x86"
Comment 5 Markus Meier gentoo-dev 2008-01-05 11:34:48 UTC
x86 stable, last arch.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-01-05 12:59:16 UTC
It's a vote.

NO for me.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-01-05 18:12:54 UTC
Voting NO and closing.