288229 – planet.gentoo.org: Updates to fix XSS issues

Bug 288229 - planet.gentoo.org: Updates to fix XSS issues

Summary: planet.gentoo.org: Updates to fix XSS issues

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Infrastructure
Classification:	Unclassified
Component:	Other (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Infrastructure

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-10-08 18:14 UTC by Alex Legler (RETIRED)
Modified:	2011-06-12 01:18 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Legler (RETIRED) archtester

2009-10-08 18:14:34 UTC

Issue #1: Planet Venus HTML Sanitation Security Bypass Vulnerability
http://secunia.com/advisories/36766/2/

Solution:
Download a version released after 2009-10-09.

see also https://bugzilla.redhat.com/show_bug.cgi?id=525772

--
Issue #2: CVE-2009-2937 planet: Insufficient escaping of input feeds
https://bugzilla.redhat.com/show_bug.cgi?id=522802
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546179

The Debian bug seems to have a patch.

Comment 1 Jeremy Olexa (darkside) (RETIRED) archtester

2010-09-16 12:40:46 UTC

all fixed on new host. closing.