| Summary: | net-p2p/transmission-2.61: XSS vulnerability (CVE-2012-4037) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sean Amoss (RETIRED) <ackle> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | net-p2p, pva, ssuominen |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://seclists.org/fulldisclosure/2012/Jul/348 | | |
| Whiteboard: | C4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 427544 | | |
| Bug Blocks: | | | |
Description
Sean Amoss (RETIRED)
2012-07-26 15:39:51 UTC
@net-p2p, Peter, Samuli: may we stabilize =net-p2p/transmission-2.61 ?

(In reply to comment #1)
> @net-p2p, Peter, Samuli: may we stabilize =net-p2p/transmission-2.61 ?

It's not possible because of bug 428272. As in, 2.61 needs x11-libs/gtk+ from ~arch.

(In reply to comment #2)
> (In reply to comment #1)
> > @net-p2p, Peter, Samuli: may we stabilize =net-p2p/transmission-2.61 ?
>
> It's not possible because of bug 428272. As in, 2.61 needs x11-libs/gtk+
> from ~arch.

Bug 428272 has been resolved. Ok to stabilize? Thanks.

(In reply to comment #3)
> (In reply to comment #2)
> > (In reply to comment #1)
> > > @net-p2p, Peter, Samuli: may we stabilize =net-p2p/transmission-2.61 ?
> >
> > It's not possible because of bug 428272. As in, 2.61 needs x11-libs/gtk+
> > from ~arch.
>
> Bug 428272 has been resolved. Ok to stabilize? Thanks.

The build failure from bug 428272 was resolved by setting the x11-libs/gtk+ depend to say >= 3.4, since it's using functions that exist only on >= 3.4.

And we don't have a bug open for >=x11-libs/gtk+-3.4 stabilization that this bug could depend on.

The required GTK+ is in the list of bug 427544.

Thanks, Samuli.

CVE-2012-4037 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4037): Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.

*** Bug 436192 has been marked as a duplicate of this bug. ***

Arches are in the CC list now in bug 427544, so adding here too.

amd64 stable

stable ppc ppc64

x86 stable, last arch!

Thanks, everyone. Closing noglsa for XSS / C4 rating.