Bug#: 204408
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Lars Hartmann <lars@chaotika.org>

Bug 204408 depends on: 204838

Description:   Opened: 2008-01-05 10:29 0000
This issue is moderate severity as the status page is not enabled by default,
and the suggested configuration protects the status page by hostname (therefore
limiting the scope of the XSS to sites that have made their status page public
or only against site administrators)

solution:
apply patches: http://marc.info/?l=apache-cvs&m=119892119829161&w=2

Reproducible: Always

------- Comment #1 From Lars Hartmann 2008-01-05 10:30:28 0000 -------
maintainers - please provide an updated ebuild

------- Comment #2 From Benedikt Böhm 2008-01-07 23:04:36 0000 -------
fixed in 2.2.6-r7, see #204838

------- Comment #3 From Benedikt Böhm 2008-01-10 16:19:25 0000 -------
this one is ready

------- Comment #4 From Sune Kloppenborg Jeppesen 2008-01-13 14:09:48 0000 -------
I vote NO.

------- Comment #5 From Pierre-Yves Rofes 2008-01-28 21:51:37 0000 -------
voting NO too, and closing.
