Bug 142597 - www-apps/sitebar - cross-site scripting vulnerability (CVE-2006-3320)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://www.debian.org/security/2006/d...
Whiteboard: B4 [noglsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2006-08-02 18:30 UTC by Carsten Lohrke (RETIRED)
Modified: 2006-08-21 11:19 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
sitebar.patch (466 bytes, patch), 2006-08-12 08:05 UTC, Thierry Carrez (RETIRED)

Description Carsten Lohrke (RETIRED) gentoo-dev 2006-08-02 18:30:58 UTC
Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
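The report describes a request parameter being reflected into HTML without encoding. The following is an added illustration of that pattern and its fix, written for this page and not taken from SiteBar or from the attached patch; the function names, the markup and the constructed request array are assumptions, not SiteBar's code.

```php
<?php
// Added example, not SiteBar's code: a handler that reflects a "command"
// query parameter back into the page, first unescaped (the reported
// pattern), then with HTML output encoding applied (the fix pattern).

declare(strict_types=1);

// Vulnerable pattern: the raw parameter is concatenated into HTML.
function renderUnescaped(array $get): string
{
    $command = $get['command'] ?? '';
    return '<p>Unknown command: ' . $command . '</p>';
}

// Hardened pattern: encode for the HTML text context before interpolating.
// ENT_QUOTES covers both quote characters so the same helper is safe inside
// attribute values as well as element content.
function renderEscaped(array $get): string
{
    $command = $get['command'] ?? '';
    $safe = htmlspecialchars($command, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Unknown command: ' . $safe . '</p>';
}

// Check used below: does any tag delimiter from the input survive in the output?
function reflectsMarkup(string $html, string $input): bool
{
    return strpos($html, $input) !== false;
}

// Constructed request (stands in for $_GET) carrying harmless markup.
$constructedGet = ['command' => '<b>bold</b>'];

$unsafe = renderUnescaped($constructedGet);
$safe   = renderEscaped($constructedGet);

// Expected: the unescaped output still contains the input markup verbatim,
// the escaped output contains only the encoded form.
if (!reflectsMarkup($unsafe, '<b>bold</b>')) {
    throw new RuntimeException('unescaped output should reflect the markup');
}
if (reflectsMarkup($safe, '<b>bold</b>')) {
    throw new RuntimeException('escaped output must not reflect raw markup');
}
if ($safe !== '<p>Unknown command: &lt;b&gt;bold&lt;/b&gt;</p>') {
    throw new RuntimeException('unexpected encoded output');
}

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;
```

For a dispatcher parameter such as a command name, the stronger fix is to validate the value against the set of commands the application actually implements and never echo an unrecognised value at all; output encoding, as shown, is the minimum that stops the reflected markup from being interpreted by the browser.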
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2006-08-12 08:05:51 UTC
Created attachment 94053
sitebar.patch

Patch extracted from Debian diff
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2006-08-12 08:07:15 UTC
web-apps, please bump 3.3.8 with patch.
Comment 3 Renat Lumpau (RETIRED) gentoo-dev 2006-08-17 08:59:43 UTC
done
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-17 10:46:36 UTC
Thanks Renat

PPC, could you please test and, if possible, mark sitebar-3.3.8 stable? Thanks in advance.
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2006-08-18 08:47:48 UTC
ppc stable
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-19 09:18:02 UTC
I vote NO.
Comment 7 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-21 01:14:20 UTC
another no
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-21 11:19:51 UTC
2 NO -> closing with NO GLSA.

Feel free to reopen if you disagree.