From ${URL} :

A cross-site scripting flaw was found in ntop's rrdPlugin plug-in. An attacker could use this flaw to perform cross-site scripting attacks against users of the ntop web interface.

Original report: http://packetstormsecurity.com/files/127043/ntop-xss.txt

The issue seems to be both with content inside the <title> tags, and any trailing content afterwards.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
@ Maintainer(s): The latest version is still affected and nobody seems to have a patch for this. Also upstream has discontinued the software in favor of its successor ntopng which is already in tree. So if you don't find a patch please consider removal.
Netmon team: without active development upstream, please consider removal from tree.
Been multiple years without anyone caring. I approve removal. Apologies for not removing myself, but I'm a bit overwhelmed at the moment.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=615c57092a0cc9004e445edfb74c396fe3bc6bb6
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf5252b406cd0c436c09566105c5e05f406bd46a

commit bf5252b406cd0c436c09566105c5e05f406bd46a
Author:     Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2018-01-06 14:41:21 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-01-06 14:42:28 +0000

    net-analyzer/ntop: remove last rited package

    Bug: https://bugs.gentoo.org/513818

 net-analyzer/ntop/Manifest                        |   1 -
 net-analyzer/ntop/files/ntop-5.0.1-INCS.patch     |  27 ---
 net-analyzer/ntop/files/ntop-5.0.1-gentoo.patch   | 240 ----------------------
 net-analyzer/ntop/files/ntop-5.0.1-includes.patch |  20 --
 net-analyzer/ntop/files/ntop-5.0.1-librrd.patch   |  31 ---
 net-analyzer/ntop/files/ntop-confd                |   9 -
 net-analyzer/ntop/files/ntop-initd                |  30 ---
 net-analyzer/ntop/files/ntop-initd-r1             |  24 ---
 net-analyzer/ntop/files/ntop-update-geoip-db      |  21 --
 net-analyzer/ntop/metadata.xml                    |  19 --
 net-analyzer/ntop/ntop-5.0.1-r2.ebuild            | 135 ------------
 net-analyzer/ntop/ntop-5.0.1-r3.ebuild            | 138 -------------
 12 files changed, 695 deletions(-)
no removal glsa for XSS
package.mask has also been cleaned.