203085 2007-12-22 21:34 0000 sys-cluster/ganglia < 3.0.6 Multiple cross-site scripting issues (CVE-2007-6465) 2008-01-05 18:12:54 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://sourceforge.net/project/shownotes.php?release_id=562168 B4 [noglsa] P2 minor --- 172206 1 rbu@gentoo.org security@gentoo.org hp-cluster@gentoo.org rbu@gentoo.org 2007-12-22 21:34:23 0000 CVE-2007-6465 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6465): Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information. rbu@gentoo.org 2007-12-22 21:36:54 0000 HP-Cluster herd, please advise. Bug 172206 contains updated ebuilds. rbu@gentoo.org 2008-01-05 00:18:56 0000 ping. jsbronder@gentoo.org 2008-01-05 01:36:34 0000 ganglia-3.0.6 added to cvs. rbu@gentoo.org 2008-01-05 02:14:10 0000 Thanks a lot. Arches, please test and mark stable sys-cluster/ganglia-3.0.6. Target keywords : "x86" maekke@gentoo.org 2008-01-05 11:34:48 0000 x86 stable, last arch. rbu@gentoo.org 2008-01-05 12:59:16 0000 It's a vote. NO for me. jaervosz@gentoo.org 2008-01-05 18:12:54 0000 Voting NO and closing.