Summary: | sys-cluster/ganglia-web : XSS (CVE-2013-6395) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cluster, jsbronder |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2013/11/26/4 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-11-26 08:26:01 UTC
CVE-2013-6395 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6395): Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.

23 Dec 2013; Justin Bronder <jsbronder@gentoo.org> +ganglia-web-3.5.6-r1.ebuild, -ganglia-web-3.5.8.ebuild, +ganglia-web-3.5.8-r1.ebuild, -ganglia-web-3.5.10.ebuild, +ganglia-web-3.5.10-r1.ebuild, +files/CVE-2013-6395-fix-xss.patch: Add patch to fix CVE-2013-6395 (#492580).

@security, please fast track stabilizing 3.5.6-r1. The only change to any of these ebuilds was to add the patch posted in the original report.

Thanks, old bug. New ebuilds with proper patch.

3.5.8-r1 stable in tree.

GLSA Vote: No