There are several Cross Site Scripting issues in ADOdb versions 4.71 and possibly earlier that may allow for an attacker to render malicious client side code in the victim's browser.

    if (isset($_GET[$next_page])) {
        $_SESSION[$curr_page] = $_GET[$next_page];
    }
    if (empty($_SESSION[$curr_page])) $_SESSION[$curr_page] = 1; ## at first page
    $this->curr_page = $_SESSION[$curr_page];
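The snippet quoted in the report above copies the page parameter from `$_GET` into the session unchanged. As an added example (not part of the original report, and not ADOdb's own code or its upstream fix), here is one way to harden that pattern in PHP, assuming the stored value is later written into pager links. The helper names `resolve_page` and `page_link` and the `demo_*` keys are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not ADOdb code.

/**
 * Resolve the current pager page from request and session data.
 * Only positive integers are accepted; anything else is ignored.
 */
function resolve_page(array $get, array &$session, string $nextKey, string $currKey): int
{
    $opts = ['options' => ['min_range' => 1]];

    if (isset($get[$nextKey])) {
        // filter_var() returns false for strings with markup, arrays, floats, etc.
        $page = filter_var($get[$nextKey], FILTER_VALIDATE_INT, $opts);
        if ($page !== false) {
            $session[$currKey] = $page;
        }
    }

    // Re-validate the session copy too: it may have been written by older,
    // unvalidated code before this check was deployed.
    $stored = filter_var($session[$currKey] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($stored === false) {
        $stored = 1; // at first page
    }
    $session[$currKey] = $stored;
    return $stored;
}

/** Build a pager link; every dynamic part is encoded for its output context. */
function page_link(string $self, string $nextKey, int $page, string $label): string
{
    $href = $self . '?' . http_build_query([$nextKey => $page]);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed sample input: a non-numeric value in the page parameter.
$session = [];
$get = ['demo_next_page' => '"><b>not-a-number</b>'];

$page = resolve_page($get, $session, 'demo_next_page', 'demo_curr_page');
echo $page, "\n";
echo page_link('/list.php', 'demo_next_page', $page + 1, 'Next'), "\n";
```

Validating on input and encoding on output are independent layers: the integer check keeps markup out of the session, and `htmlspecialchars` covers any other value that reaches the link.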
web-apps team please bump, thx.
Not webapps ;) Also, there's no update available now, 4.71 is still latest version upstream.
4.72 seems to be released, http://sourceforge.net/project/showfiles.php?group_id=42718&package_id=34890&release_id=395252
Thanks for the notification, dev-php/adodb-4.72 is now in the tree. Best regards, CHTEKK.
arches pls test and mark stable, thx
Stefan, please add arches when setting [stable] Target KEYWORDS="alpha amd64 ia64 ppc ppc64 ~sparc x86"
stable on ppc64
x86 done
Stable on alpha + ia64.
ppc stable
amd64 stable. happy voting!
Hehe thx blubb, I tend to say yes
I tend to say no... Could be convinced otherwise if a major portage package made use of this...
RDEPs:
dev-php4/adodb-ext-503
dev-php5/adodb-ext-503
net-analyzer/acid-0.9.6_beta23
net-analyzer/acid-0.9.6_beta23-r1
net-analyzer/base-1.2.2
net-analyzer/base-1.2.2-r1
net-www/bugport-1.146
No real XSS victim here, I vote no.
Agree with Koon, no major target for XSS, voting NO and closing.