Bug 282855 (CVE-2009-2959) - <dev-util/buildbot-0.7.11_p3: Cross-site scripting vulnerabilities (CVE-2009-{2959,2967})
Status: RESOLVED FIXED
Alias: CVE-2009-2959
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High minor
Assignee: Gentoo Security
URL: http://buildbot.net/trac
Whiteboard: B4 [noglsa]
Reported: 2009-08-27 00:03 UTC by Arfrever Frehtes Taifersar Arahesis (RETIRED)
Modified: 2009-12-13 22:41 UTC
Description Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-08-27 00:03:52 UTC
<dev-util/buildbot-0.7.11_p3 has cross-site scripting vulnerabilities.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-27 12:23:55 UTC
CVE-2009-2959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2959):
  Cross-site scripting (XSS) vulnerability in the waterfall web status
  view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1
  allows remote attackers to inject arbitrary web script or HTML via
  unspecified vectors.

CVE-2009-2967 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2967):
  Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6
  through 0.7.11p2 allow remote attackers to inject arbitrary web
  script or HTML via unspecified vectors, different vulnerabilities
  than CVE-2009-2959.

Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-27 12:27:32 UTC
Arches, please test and mark stable:
=dev-util/buildbot-0.7.11_p3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2009-08-28 09:15:21 UTC
x86 stable
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2009-08-28 12:11:40 UTC
Stable on alpha.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2009-08-29 12:30:45 UTC
Stable for HPPA.
Comment 6 nixnut (RETIRED) gentoo-dev 2009-08-30 16:26:32 UTC
ppc stable
Comment 7 Brent Baude (RETIRED) gentoo-dev 2009-08-30 23:44:43 UTC
ppc64 done
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2009-09-05 14:29:20 UTC
arm/ia64/s390/sh/sparc stable
Comment 9 Markus Meier gentoo-dev 2009-09-11 19:31:49 UTC
amd64 stable, all arches done.
Comment 10 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-11 19:57:42 UTC
XSS in Webapps -> noglsa. Closing.