Bug 229515 (CVE-2006-7233)

Summary:	net-im/openfire <3.6.0 login.jsp XSS (CVE-2006-7233)
Product:	Gentoo Security	Reporter:	Markus Ullmann (RETIRED) <jokey>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	humpback, net-im
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.igniterealtime.org/issues/browse/JM-629
Whiteboard:	B4 [noglsa]
Package list:		Runtime testing required:	---

Description Markus Ullmann (RETIRED) gentoo-dev

2008-06-26 09:03:01 UTC

Page doesn't provide much details

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-06-29 16:09:15 UTC

Now that is an unhelpful bug report upstream.

Comment 2 Markus Ullmann (RETIRED) gentoo-dev

2008-08-10 15:19:31 UTC

At least has a sample now upstream

Comment 3 Markus Ullmann (RETIRED) gentoo-dev

2008-08-10 15:20:15 UTC

and SVN HEAD is even vulnerable atm

Comment 4 Markus Ullmann (RETIRED) gentoo-dev

2008-08-27 12:09:18 UTC

Okay, 3.6.0 release fixed
http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html

ebuild InCVS

Comment 5 Robert Buchholz (RETIRED) gentoo-dev

2008-08-27 14:10:12 UTC

Arches, please test and mark stable:
=net-im/openfire-3.6.0
Target keywords : "amd64 x86"

Comment 6 Thomas Raschbacher gentoo-dev

2008-08-28 09:56:38 UTC

3.6.0 works for me on my (live) server

Comment 7 Markus Ullmann (RETIRED) gentoo-dev

2008-08-28 15:11:10 UTC

Stable on x86 here too

Comment 8 Tobias Heinlein (RETIRED) gentoo-dev

2008-08-30 09:14:19 UTC

amd64 stable

Comment 9 Tobias Heinlein (RETIRED) gentoo-dev

2008-08-30 09:16:30 UTC

Ready for vote, I vote NO.

Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-08-30 10:59:35 UTC

NO too, and closing without GLSA.