Summary: | <media-sound/banshee-1.4.3-r2 DAAP Cross-site scripting (CVE-2009-1175) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sound |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugzilla.gnome.org/show_bug.cgi?id=577270 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
Our stable 0.12.1 ships similar files to the 1.4.2 in question with relation to the DAAP web service, so I rated this B3. Let's see how upstream comes up with a patch.

Fixed in 1.5.0 by the looks of it, but it's p.masked by loki_val, with message "Development version, Work-In-Progress".

<snap> Comment #4 from Gabriel Burt (banshee developer, points: 21) 2009-05-04 16:22 UTC [reply] I have pushed a fix to both the stable branch (from which 1.4.4 will be released) and master (from which 1.5.0 etc will come). </snap>

+*banshee-1.4.3-r2 (23 Jul 2009) + + 23 Jul 2009; Samuli Suominen <ssuominen@gentoo.org> + +banshee-1.4.3-r2.ebuild, +files/banshee-1.4.3-CVE-2009-1175.patch: + Backport patch from upstream git for DAAP Cross-site scripting + CVE-2009-1175 wrt #264568.

*** Bug 272322 has been marked as a duplicate of this bug. ***

x86 stable

amd64 stable

ppc, ping

ppc done

XSS → noglsa.
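
Review bot: the ChangeLog entry for banshee-1.4.3-r2 says only "Backport patch from upstream git" and does not say which upstream commit files/banshee-1.4.3-CVE-2009-1175.patch was taken from. Naming the commit or the upstream bug (GNOME bug 577270, per the URL field) in the entry or in the patch header would let a later reader check the backport against the upstream fix.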