| Summary: | <net-print/cups-1.7.1-r1: cross-site scripting (CVE-2014-2856) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1087122 | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-04-15 09:51:37 UTC
Since cups 1.7.2 fails to build without avahi (which likely hits quite some Gentoo users), I've added this patch in net-print/cups-1.7.1-r1. Please stabilize net-print/cups-1.7.1-r1

Arches, please test and mark stable:
=net-print/cups-1.7.1-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

amd64 stable

x86 stable

Stable for HPPA.

alpha stable

arm stable

CVE-2014-2856 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2856): Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

ppc stable

ppc64 stable

ia64 stable

sparc stable. Maintainer(s), please cleanup. Security, please vote.

Maintainer(s), Thank you for cleanup! Security please Vote!

Closing no GLSA for Cross Site Scripting