Bug 739594 (CVE-2017-8920) - net-irc/cgiirc: XSS in R parameter in irc.cgi (CVE-2017-8920)
Summary: net-irc/cgiirc: XSS in R parameter in irc.cgi (CVE-2017-8920)
Status: RESOLVED FIXED
Alias: CVE-2017-8920
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [noglsa]
Keywords: PMASKED
Depends on: 738096
Blocks:
Reported: 2020-08-30 05:11 UTC by Sam James
Modified: 2021-12-10 16:54 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-30 05:11:33 UTC
Description:
"irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS."
Comment 1 Larry the Git Cow gentoo-dev 2021-11-10 18:18:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f2a070802d77a72e7a48f015007047251e24fce

commit 7f2a070802d77a72e7a48f015007047251e24fce
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2021-11-10 18:17:49 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2021-11-10 18:17:55 +0000

    package.mask: Last rite net-irc/cgiirc
    
    Bug: https://bugs.gentoo.org/739594
    Bug: https://bugs.gentoo.org/819327
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2021-12-10 09:20:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4700b7a13da522a5f82ffe8bdf9383b7cf40c93

commit d4700b7a13da522a5f82ffe8bdf9383b7cf40c93
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2021-12-10 09:20:06 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2021-12-10 09:20:06 +0000

    net-irc/cgiirc: treeclean
    
    Closes: https://bugs.gentoo.org/738096
    Closes: https://bugs.gentoo.org/819327
    Bug: https://bugs.gentoo.org/739594
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 net-irc/cgiirc/Manifest             |  1 -
 net-irc/cgiirc/cgiirc-0.5.10.ebuild | 45 -------------------------------------
 net-irc/cgiirc/metadata.xml         |  8 -------
 profiles/package.mask               |  6 -----
 4 files changed, 60 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-10 16:54:50 UTC
All unstable so no GLSA, closing!