Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 204409 (CVE-2007-6421)

Summary: www-servers/apache-2.2.X httpd mod_proxy_balancer cross-site scripting (CVE-2007-6421)
Product: Gentoo Security Reporter: Lars Hartmann <lars>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: apache-bugs
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=427229
Whiteboard: C4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 204838    
Bug Blocks:    

Description Lars Hartmann 2008-01-05 10:34:14 UTC 
There is a cross site scripting vulnerability in mod_proxy_balancer which can be fixed by aplying the following patches:
http://marc.info/?l=apache-cvs&m=119927040920697&w=2

Reproducible: Always
Comment 1 Lars Hartmann 2008-01-05 10:35:10 UTC 
maintainers - please provide an updated ebuild
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2008-01-07 23:03:54 UTC 
fixed in 2.2.6-r7, see #204838
Comment 3 Benedikt Böhm (RETIRED) gentoo-dev 2008-01-10 16:19:47 UTC 
this one is ready
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-01-13 14:10:05 UTC 
I vote NO.
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-01-28 21:52:23 UTC 
voting NO too, and closing.