Bug#: 79691
Status: RESOLVED
Resolution: DUPLICATE of bug 80602
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Attachment: htdig-3.2.0b6-unescaped_output.patch (patch, 837 bytes), created by Sune Kloppenborg Jeppesen, 2005-01-27 02:51 0000

Description:   Opened: 2005-01-27 02:49 0000
htdig suffers from a cross site scripting flaw as found by Michael Krax. 
Looks like this one is different to the last and isn't based on bad 
templates.  The flaw doesn't seem to affect the htdig on htdig.org 
although there is no patch in CVS, so maybe they applied a quick patch 
themselves.

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-01-27 02:51:55 0000 -------
Created an attachment (id=49640)
htdig-3.2.0b6-unescaped_output.patch

------- Comment #2 From Thierry Carrez (RETIRED) 2005-02-03 11:42:18 0000 -------
Apparently parts of it leaked (see bug 80602). Asking for confirmation on v-s
that it should be considered public.

------- Comment #3 From Thierry Carrez (RETIRED) 2005-02-04 00:53:36 0000 -------

*** This bug has been marked as a duplicate of 80602 ***
