Summary: | <dev-util/buildbot-0.7.11_p3: Cross-site scripting vulnerabilities (CVE-2009-{2959,2967}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Arfrever Frehtes Taifersar Arahesis (RETIRED) <arfrever> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | dustin, python |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://buildbot.net/trac | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Arfrever Frehtes Taifersar Arahesis (RETIRED)
2009-08-27 00:03:52 UTC
CVE-2009-2959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2959): Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2009-2967 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2967): Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959.

Arches, please test and mark stable:
=dev-util/buildbot-0.7.11_p3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

x86 stable

Stable on alpha.

Stable for HPPA.

ppc stable

ppc64 done

arm/ia64/s390/sh/sparc stable

amd64 stable, all arches done.

XSS in Webapps -> noglsa. Closing.