Message-ID: <CAA7hUgH4zcwH9MMJ4EmxT8nTRSR-COwCW9jxzg6qKjY5DgqW9g@mail.gmail.com>
Date: Thu, 21 Feb 2013 11:47:10 +0100
From: Raphael Geissert <atomo64@...il.com>
To: oss-security@...ts.openwall.com
Cc: 700158@...s.debian.org, 700159@...s.debian.org
Subject: Re: CVE request: XSS flaws fixed in ganglia

Hi,

On 8 February 2013 19:06, Vincent Danen <vdanen@...hat.com> wrote:
> A number of XSS issues were fixed in ganglia's web ui:
>
> https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e

I've a hunch that there are a few issues with the changes. A quick
look at the patch shows that the change here breaks the preg_replace
call:

- $query_string = preg_replace("/(&trendhistory=)(\d+)/", "", $query_string);
+ $query_string = preg_replace("/(&trendhistory=)(\d+)/", "",
htmlspecialchars($query_string, ENT_QUOTES) );
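
Review bot: On the added line, htmlspecialchars($query_string, ENT_QUOTES) runs before preg_replace, so every & in the query string has already become &amp; by the time the pattern /(&trendhistory=)(\d+)/ is applied; the literal "&trendhistory=" no longer occurs and the parameter is never stripped. Strip first and escape the result instead, i.e. htmlspecialchars(preg_replace("/(&trendhistory=)(\d+)/", "", $query_string), ENT_QUOTES), or keep the removed line as it was and escape at the point where $query_string is written into HTML.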

It looks as if the htmlspecialchars call was misplaced.  Not that it
is a security issue, but it's a bug.

Can anyone forward this upstream? I will try to take a look at the
rest of the patch later.

Cheers,
-- 
Raphael Geissert
