Message-ID: <k10c6v$c45$1@ger.gmane.org>
Date: Tue, 21 Aug 2012 11:15:24 -0500
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- php-geshi / GeSHi (1.0.8.11): Remote directory traversal and information disclosure in the cssgen contrib module (plus possibly XSS, but it needs upstream to confirm)

Hi Jan, everyone,

[can't seem to follow-up via email, sorry for not CC'ing the others]

Jan Lieskovsky wrote:
> Issue #B:
> ---------
> Then there is a report about non-persistent XSS flaw, that have been
> fixed in the contrib module of 1.0.8.11 version too:
> [4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685323
>
> but I was unable to find the relevant upstream patch (and above Debian
> BTS entry doesn't contain further information too, which could be acted
> upon).

The fix is:
http://geshi.svn.sourceforge.net/viewvc/geshi?view=revision&revision=2508

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net