From ${URL} :

An XSS vulnerability was found in ikiwiki. The instance in cgierror() is a potential cross-site scripting attack, because an attacker could conceivably cause some module to raise an exception that includes attacker-supplied HTML in its message, for example via a crafted filename.

Upstream fix:
http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7

References:
http://seclists.org/oss-sec/2016/q2/267

@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
CVE-2016-4561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4561): Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
fixed with Version bump to 3.20160905 https://github.com/gentoo/gentoo/commit/cf6ce29f81b854d58acbafa1749f1621f09c432c
(In reply to Alice Ferrazzi from comment #2)
> fixed with Version bump to 3.20160905
> https://github.com/gentoo/gentoo/commit/cf6ce29f81b854d58acbafa1749f1621f09c432c

www-apps/ikiwiki/ikiwiki-3.20160905.ebuild: x86 dependency.bad [fatal] 28
www-apps/ikiwiki/ikiwiki-3.20160905.ebuild: DEPEND: amd64(default/linux/amd64/13.0) [ 'dev-perl/Text-Markdown', 'dev-perl/YAML-LibYAML', 'dev-perl/Net-OpenID-Consumer', 'dev-perl/XML-Feed']
amd64 stable. Maintainer(s), please cleanup.
@maintainer(s), please cleanup.
cleaned affected version
(In reply to Alice Ferrazzi from comment #6)
> cleaned affected version

Thanks, Alice!