
Bug 720918

Summary: <net-analyzer/cacti-1.2.12: Lack of escaping of color items can lead to XSS exposure (CVE-2020-7106)
Product: Gentoo Security
Reporter: Jeroen Roovers (RETIRED) <jer>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: netmon
Priority: Normal
Keywords: CC-ARCHES, STABLEREQ
Version: unspecified
Flags: nattka: sanity-check+
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=708938
Whiteboard: B4 [noglsa]
Package list:
=net-analyzer/cacti-1.2.12 =net-analyzer/cacti-spine-1.2.12
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 724348    

Description Jeroen Roovers (RETIRED) gentoo-dev 2020-05-04 09:22:11 UTC
Cacti CHANGELOG

1.2.12
-security#3467: Lack of escaping of color items can lead to XSS exposure (CVE-2020-7106)


CVE-2020-7106 already reserved by bug #708938.
Comment 1 Agostino Sarubbo gentoo-dev 2020-05-21 07:54:54 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-05-21 08:06:42 UTC
x86 stable
Comment 3 Rolf Eike Beer archtester 2020-05-22 17:03:42 UTC
sparc stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2020-05-23 07:05:26 UTC
Dropped HPPA keywording to ~hppa.
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-23 14:25:14 UTC
noglsa because XSS.

@maintainer(s), please cleanup when ready, thanks!
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-11 01:00:36 UTC
(In reply to Sam James (sec padawan) from comment #5)
> noglsa because XSS.
> 
> @maintainer(s), please cleanup when ready, thanks!

done