Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 229515 (CVE-2006-7233) - net-im/openfire <3.6.0 login.jsp XSS (CVE-2006-7233)
Summary: net-im/openfire <3.6.0 login.jsp XSS (CVE-2006-7233)
Status: RESOLVED FIXED
Alias: CVE-2006-7233
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://www.igniterealtime.org/issues/...
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-06-26 09:03 UTC by Markus Ullmann (RETIRED)
Modified: 2008-08-30 10:59 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Markus Ullmann (RETIRED) gentoo-dev 2008-06-26 09:03:01 UTC 
Page doesn't provide much details
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-06-29 16:09:15 UTC 
Now that is an unhelpful bug report upstream.
Comment 2 Markus Ullmann (RETIRED) gentoo-dev 2008-08-10 15:19:31 UTC 
At least has a sample now upstream
Comment 3 Markus Ullmann (RETIRED) gentoo-dev 2008-08-10 15:20:15 UTC 
and SVN HEAD is even vulnerable atm
Comment 4 Markus Ullmann (RETIRED) gentoo-dev 2008-08-27 12:09:18 UTC 
Okay, 3.6.0 release fixed
http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html

ebuild InCVS
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-08-27 14:10:12 UTC 
Arches, please test and mark stable:
=net-im/openfire-3.6.0
Target keywords : "amd64 x86"
Comment 6 Thomas Raschbacher gentoo-dev 2008-08-28 09:56:38 UTC 
3.6.0 works for me on my (live) server
Comment 7 Markus Ullmann (RETIRED) gentoo-dev 2008-08-28 15:11:10 UTC 
Stable on x86 here too
Comment 8 Tobias Heinlein (RETIRED) gentoo-dev 2008-08-30 09:14:19 UTC 
amd64 stable
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2008-08-30 09:16:30 UTC 
Ready for vote, I vote NO.
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-08-30 10:59:35 UTC 
NO too, and closing without GLSA.