Bug 720918 - <net-analyzer/cacti-1.2.12: Lack of escaping of color items can lead to XSS exposure (CVE-2020-7106)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords: CC-ARCHES, STABLEREQ
Depends on:
Blocks: CVE-2020-13230, CVE-2020-13231
Reported: 2020-05-04 09:22 UTC by Jeroen Roovers (RETIRED)
Modified: 2020-06-11 01:01 UTC

See Also:
Package list:
=net-analyzer/cacti-1.2.12 =net-analyzer/cacti-spine-1.2.12
Runtime testing required: ---
nattka: sanity-check+


Description Jeroen Roovers (RETIRED) gentoo-dev 2020-05-04 09:22:11 UTC
Cacti CHANGELOG

1.2.12
-security#3467: Lack of escaping of color items can lead to XSS exposure (CVE-2020-7106)


CVE-2020-7106 already reserved by bug #708938.
Comment 1 Agostino Sarubbo gentoo-dev 2020-05-21 07:54:54 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-05-21 08:06:42 UTC
x86 stable
Comment 3 Rolf Eike Beer archtester 2020-05-22 17:03:42 UTC
sparc stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2020-05-23 07:05:26 UTC
Dropped HPPA keywording to ~hppa.
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-23 14:25:14 UTC
noglsa because XSS.

@maintainer(s), please cleanup when ready, thanks!
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-11 01:00:36 UTC
(In reply to Sam James (sec padawan) from comment #5)
> noglsa because XSS.
> 
> @maintainer(s), please cleanup when ready, thanks!

done