
Bug 142597

Summary: www-apps/sitebar - cross-site scripting vulnerability (CVE-2006-3320)
Product: Gentoo Security
Reporter: Carsten Lohrke (RETIRED) <carlo>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.debian.org/security/2006/dsa-1130
Whiteboard: B4 [noglsa] jaervosz
Package list:
Runtime testing required: ---
Attachments: sitebar.patch (flags: none)

Description Carsten Lohrke (RETIRED) gentoo-dev 2006-08-02 18:30:58 UTC
Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2006-08-12 08:05:51 UTC
Created attachment 94053
sitebar.patch

Patch extracted from Debian diff
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2006-08-12 08:07:15 UTC
web-apps, please bump 3.3.8 with patch.
Comment 3 Renat Lumpau (RETIRED) gentoo-dev 2006-08-17 08:59:43 UTC
done
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-17 10:46:36 UTC
Thanks Renat

PPC, please could you test and mark stable if possible sitebar-3.3.8, thanks in advance
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2006-08-18 08:47:48 UTC
ppc stable
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-19 09:18:02 UTC
I vote NO.
Comment 7 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-21 01:14:20 UTC
another no
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-21 11:19:51 UTC
2 NO -> closing with NO GLSA.

Feel free to reopen if you disagree.