
Bug 73770

Summary: www-misc/htdig CAN-2004-1061 XSS issue (Vendor-Sec)
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard: B4 [.?.]
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-08 01:26:30 UTC
No details known, opening bug to keep track of the issue.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-12-09 02:30:45 UTC
It's not disclosed yet, but I think I found it (or another one):

http://yourserverhere/cgi-bin/htsearch?words="><H1>BOO</H1><A HREF="

Waiting for a disclosure date / patch from Michael Krax or v-s. We'll have to double-check that it fixes the one I found if it's different from the official one.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-09 14:01:02 UTC
Not a problem with htdig but templates.
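
Added example (not part of the bug report and not ht://Dig code): the request from comment 1 rendered through a search-results template that echoes the query into an attribute value, first unescaped and then with HTML escaping applied at substitution time. The template text, the `$(WORDS)` placeholder syntax and all function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed template: a search form that echoes the query back into an
# attribute value. The $(NAME) placeholder syntax is an assumption.
TEMPLATE = ('<form action="/cgi-bin/htsearch">'
            '<input type="text" name="words" value="$(WORDS)"></form>')

# Request quoted in comment 1 of this bug.
REQUEST = 'http://yourserverhere/cgi-bin/htsearch?words="><H1>BOO</H1><A HREF="'

PLACEHOLDER = re.compile(r"\$\((\w+)\)")
TAG_OPEN = re.compile(r"<\s*([A-Za-z][A-Za-z0-9]*)")


def query_params(url):
    """Return the first value of each query parameter, keyed by upper-cased name."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name.upper(): values[0] for name, values in qs.items()}


def render_raw(template, variables):
    """Vulnerable: request data is substituted into the markup unchanged."""
    return PLACEHOLDER.sub(lambda m: variables.get(m.group(1), ""), template)


def render_escaped(template, variables):
    """Hardened: every value is HTML-escaped, quotes included, so it can
    neither close the surrounding attribute nor open a new tag."""
    return PLACEHOLDER.sub(
        lambda m: html.escape(variables.get(m.group(1), ""), quote=True),
        template,
    )


def injected_tags(rendered, template):
    """Names of opening tags in the output that the template never contained."""
    expected = {t.lower() for t in TAG_OPEN.findall(template)}
    return sorted({t.lower() for t in TAG_OPEN.findall(rendered)} - expected)


if __name__ == "__main__":
    params = query_params(REQUEST)
    print("raw:    ", injected_tags(render_raw(TEMPLATE, params), TEMPLATE))
    print("escaped:", injected_tags(render_escaped(TEMPLATE, params), TEMPLATE))
```

`injected_tags` can serve as a regression check on template changes: any tag name it reports came from request data rather than from the template.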