
Bug 545040

Summary: <www-apps/ikiwiki-3.20160905: cross-site scripting via openid_identifier
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: alicef
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2015/03/30/5
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2015-03-30 08:13:09 UTC
From ${URL} :

A cross-site scripting vulnerability via openid_identifier was
reported in the Debian BTS at [1]. Upstream fix is at [2]. Could a CVE
be assigned to this issue?

 [1] https://bugs.debian.org/781483
 [2] http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77



@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-07-04 11:09:49 UTC
Fixed in versions ikiwiki/3.20150329, ikiwiki/3.20141016.2, ikiwiki/3.20120629.2
Comment 2 Arisu Tachibana Gentoo Infrastructure gentoo-dev 2016-09-18 10:00:23 UTC
fixed with Version bump to 3.20160905
https://github.com/gentoo/gentoo/commit/cf6ce29f81b854d58acbafa1749f1621f09c432c
Comment 3 Agostino Sarubbo gentoo-dev 2016-10-22 11:11:27 UTC
stabilization happened in another bug
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2016-11-11 11:46:35 UTC
@maintainer, please clean the vulnerable versions from the tree.
Comment 5 Arisu Tachibana Gentoo Infrastructure gentoo-dev 2016-11-11 18:01:51 UTC
cleaned affected version
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2016-11-12 00:27:57 UTC
(In reply to Alice Ferrazzi from comment #5)
> cleaned affected version

Thanks, again!