Hi Hideki

Thanks for the information. Have you been able to reproduce the problem with 
IE and check the patch?

Cheers
Steffen

> On Sun, 7 Mar 2010 19:10:12 +1100
> 
> Steffen Joeris <steffen.joe...@skolelinux.de> wrote:
> > Apparently, to_native() is converting it to another encoding, but
> > shouldn't it do some escaping of certain characters to avoid having the
> > usual html characters in there?
> 
>  I'm not sure about that; I'll ask the upstream author.
>  IE has a strange behavior with auto-encoding pages without a charset; it
>  probably relates to that.
> 
> > I also don't understand the text on tdiary.org, since it is in Japanese,
> > could you maybe provide a translation?
> 
> * Overview
>  An XSS vulnerability was found in tDiary, a communication-friendly weblog
>  system. We think it is a rare case, but please deal with it as soon as
>  possible if you are using such a system.
> 
>  - This problem affects
>   * tDiary 2.2.2 or earlier (full set and plugins)
> 
>     And, if you meet _all_ of the conditions below
>   * the tb-send.rb plugin is enabled
>   * using Microsoft Internet Explorer 7 (IE7)
>   * updating the diary via a maliciously crafted URL
> 
>  We confirmed this problem when updating a blog using IE7 (maybe older
>  Internet Explorer versions as well, but we didn't check with those), and it
>  does not show with Firefox, Opera and Safari.
> 
>  And it exists in tDiary 2.2, not 2.3.
> 
> 
> * Impact
>  An arbitrary script may be executed in some web browsers when the blog owner
>  accesses the blog update page via a specially crafted URL or web site made
>  by malicious third parties.
> 
>  It does not affect people who browse the blog, since this vulnerability
>  exists in its update page only, and is accessible by the administrator of
>  that blog. However, there's a danger of publishing a malicious page by
>  exploiting this vulnerability.
> 
> 
> * Solutions
>  - disable the tb-send.rb plugin
>  - update the product to 2.2.3
> 
> 
> * Thanks to
>  Project VEX of UBsecure, Inc.
> 
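The point raised above, that to_native() only converts the character encoding and does not escape HTML metacharacters, is easy to demonstrate. The following Ruby snippet is an added illustration, not code from tDiary or from either poster: `to_native_like` is a hypothetical stand-in for tDiary's to_native(), the form field name and the sample parameter value are constructed, and the charset helper shows the other half of the issue (IE7 guessing the encoding of a page that declares none). It contrasts interpolating the converted value directly into markup with escaping it at the point of output.

```ruby
require 'cgi'

# Constructed test input: a parameter value as it might arrive in a query
# string, in EUC-JP (the encoding older tDiary installs commonly used),
# containing both a multibyte character and HTML metacharacters.
# This is a constructed test vector, not a URL from the thread.
SAMPLE_PARAM = "日記<script>alert(1)</script>".encode('EUC-JP')

# Hypothetical stand-in for to_native(): it converts the string to the
# encoding the page is served in and nothing else. Encoding conversion
# never touches '<', '>', '&' or quotes, so it cannot replace HTML escaping.
def to_native_like(str, target = Encoding::UTF_8)
  str.encode(target, invalid: :replace, undef: :replace)
end

# Vulnerable pattern: the converted value is interpolated straight into
# the markup of the update form (field name is constructed).
def render_vulnerable(url)
  %(<input type="text" name="plugin_tb_url" value="#{to_native_like(url)}">)
end

# Hardened pattern: convert first, then escape at the point of output.
def render_escaped(url)
  %(<input type="text" name="plugin_tb_url" value="#{CGI.escapeHTML(to_native_like(url))}">)
end

# Check used by the caller: does the rendered markup still carry a raw
# tag taken verbatim from the input?
def contains_raw_tag?(html)
  html.include?('<script>')
end

# The charset side of the issue: IE7 sniffs the encoding of pages that do
# not declare one. Declaring it explicitly removes that ambiguity.
def content_type_header(charset = 'UTF-8')
  "Content-Type: text/html; charset=#{charset}"
end

if __FILE__ == $0
  puts render_vulnerable(SAMPLE_PARAM)   # raw <script> survives conversion
  puts render_escaped(SAMPLE_PARAM)      # &lt;script&gt; ... in the output
  puts content_type_header
end
```

The escaped output still contains the converted multibyte text unchanged, which is the behaviour one wants: conversion and escaping are separate steps, and only the second one neutralises markup in user-controlled input.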



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
