From $URL

Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-9313

Reproducible: Always
@maintainer(s): Upstream Patch: https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b
jcameron committed Jun 12, 2017

Upstream Patch 1/2: https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b
Upstream Patch 2/2: https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab

@maintainer(s), please test and follow procedure to close on report, thank you.

Daj'Uan (mbailey_j)
Gentoo Security Scout
Adding CVEs:

CVE-2017-2106
CVE-2017-15646
CVE-2017-15645
CVE-2017-15644

Affected versions: all prior to 1.830
@security

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37700521dc61e1ca761f09d49def71eeafa0fb77

commit 37700521dc61e1ca761f09d49def71eeafa0fb77
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2018-10-14 12:24:17 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2018-10-14 13:02:22 +0000

    app-admin/webmin: Version bump (#600422 by PhobosK)

    Closes: https://bugs.gentoo.org/600422
    Closes: https://bugs.gentoo.org/596618
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 app-admin/webmin/Manifest            |   2 +
 app-admin/webmin/files/gentoo-setup  | 438 +++++++++++++++++++++++++++++++++++
 app-admin/webmin/webmin-1.881.ebuild | 314 +++++++++++++++++++++++++
 3 files changed, 754 insertions(+)

---

Keywords for app-admin/webmin:
      |                           a     |       |
      |                           m     |       |
      |                           d   x |       |
      |                           6   8 |       |
      |                           4   6 |   u   |
      | a a   a     p           s |   | |   n   |
      | l m   r i   p   h m s   p f m f | e u s | r
      | p d a m a p c x p 6 3   a b i b | a s l | e
      | h 6 r 6 6 p 6 8 p 8 9 s r s p s | p e o | p
      | a 4 m 4 4 c 4 6 a k 0 h c d s d | i d t | o
------+---------------------------------+-------+-------
1.881 | o ~ o o o o o ~ o o o o o o o o | 6 o 0 | gentoo

---

Vulnerable version dropped, please proceed.

Gentoo Security Padawan
(domhnall)
All done, repository is clean.