608738 – (CVE-2017-5938) <www-apps/viewvc-1.1.26: XSS (CVE-2017-5938)

Bug 608738 (CVE-2017-5938) - <www-apps/viewvc-1.1.26: XSS (CVE-2017-5938)

Summary: <www-apps/viewvc-1.1.26: XSS (CVE-2017-5938)

Status:	RESOLVED FIXED

Alias:	CVE-2017-5938

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:	B4 [noglsa cve]
Keywords:

Depends on:	577950
Blocks:
	Show dependency tree

Reported:	2017-02-09 11:07 UTC by Agostino Sarubbo
Modified:	2017-06-28 11:25 UTC (History)
CC List:	2 users (show)

See Also:
Package list:	www-apps/viewvc-1.1.26
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2017-02-09 11:07:09 UTC

From ${URL} :

the Debian Security Team would like to request a CVE for an XSS
vulnerability in viewc, that was fixed in release 1.1.26 by the
following change:

  https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-04 11:35:06 UTC

Now in repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbb634585b0c2ff3658e8a46d2d2ab0f6546db3a


@ Arches,

please test and mark stable: =www-apps/viewvc-1.1.26

Comment 2 Agostino Sarubbo gentoo-dev

2017-06-17 17:25:47 UTC

x86 stable

Comment 3 Agostino Sarubbo gentoo-dev

2017-06-18 14:01:53 UTC

amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-28 11:25:08 UTC

GLSA Vote: No.

Repository is clean, all done.