410151 – <dev-perl/Apache-AuthCookie-3.180.0 : possible XSS attack

Bug 410151 - <dev-perl/Apache-AuthCookie-3.180.0 : possible XSS attack

Summary: <dev-perl/Apache-AuthCookie-3.180.0 : possible XSS attack

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2012-03-29 13:55 UTC by Torsten Veller (RETIRED)
Modified:	2012-04-08 15:25 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Torsten Veller (RETIRED) gentoo-dev

2012-03-29 13:55:17 UTC

I just got a mail mentioning that the current stable version "allows all undefined users to log in!!!"

I guess it's about:

Version: 3.11 (2008-02-29)
   - Fix tiny pod doc error.
   - Escape CR and LF in 'destination' field to prevent possible XSS attack

Please stabilize 
=dev-perl/Apache-AuthCookie-3.180.0

Comment 1 Agostino Sarubbo gentoo-dev

2012-04-02 16:41:52 UTC

amd64 stable

Comment 2 Andreas Schürch gentoo-dev

2012-04-03 19:40:18 UTC

x86 stable, thanks!

Comment 3 Raúl Porcel (RETIRED) gentoo-dev

2012-04-08 14:52:34 UTC

ia64 keywords dropped

Comment 4 Tim Sammut (RETIRED) gentoo-dev

2012-04-08 15:25:03 UTC

Thanks, everyone. Closing noglsa for XSS.