Bug 448516 - <www-apps/b2evolution-4.1.6: unspecified XSS vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://b2evolution.net/man/introducti...
Whiteboard: B4 [noglsa]
Duplicates: 435028
Reported: 2012-12-25 12:32 UTC by Matti Bickel (RETIRED)
Modified: 2013-01-01 20:21 UTC

Description Matti Bickel (RETIRED) gentoo-dev 2012-12-25 12:32:38 UTC
I've been unable to verify that but the changelog for 4.1.6 states:
Changes in v 4.1.6 include:
[...]
* Security fixes

Haven't seen a CVE-ID or similar for this. Anyway, I've bumped the package and hand this to you guys. Do we continue with the 30-days in the tree until stable route or shall we fast-track this one - given that between 4.1.6 and latest stable there *are* security releases?
Comment 1 Matti Bickel (RETIRED) gentoo-dev 2012-12-27 19:25:28 UTC
*** Bug 435028 has been marked as a duplicate of this bug. ***
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-29 15:05:25 UTC
Thanks for the report, Matti.

I doubt this affects the current stable version, but since there is no documentation we can err on the side of caution.

No, we do not have to wait 30 days for security bugs. 

Arches, please test and mark stable =www-apps/b2evolution-4.1.6
Comment 3 Agostino Sarubbo gentoo-dev 2012-12-29 18:05:10 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2012-12-29 18:05:37 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2012-12-31 23:28:02 UTC
ppc stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2013-01-01 18:32:41 UTC
alpha keywords dropped
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-01 20:21:38 UTC
Thanks, everyone. 

Closing noglsa for XSS issue.