Summary: | <www-apps/ikiwiki-3.20160905: XSS in raised exception via crafted filename (CVE-2016-4561) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | alicef |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1334191 | ||
Whiteboard: | ~4 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-05-09 09:44:25 UTC
CVE-2016-4561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4561): Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. fixed with Version bump to 3.20160905 https://github.com/gentoo/gentoo/commit/cf6ce29f81b854d58acbafa1749f1621f09c432c (In reply to Alice Ferrazzi from comment #2) > fixed with Version bump to 3.20160905 > https://github.com/gentoo/gentoo/commit/ > cf6ce29f81b854d58acbafa1749f1621f09c432c www-apps/ikiwiki/ikiwiki-3.20160905.ebuild: x86 dependency.bad [fatal] 28 www-apps/ikiwiki/ikiwiki-3.20160905.ebuild: DEPEND: amd64(default/linux/amd64/13.0) [ 'dev-perl/Text-Markdown', 'dev-perl/YAML-LibYAML', 'dev-perl/Net-OpenID-Consumer', 'dev-perl/XML-Feed'] amd64 stable. Maintainer(s), please cleanup. @maintainer(s), please cleanup. cleaned affected version (In reply to Alice Ferrazzi from comment #6) > cleaned affected version Thanks, Alice! |