Bug#685323: Non-persistent XSS vulnerability in contrib script
tags 685323 = unreproducible upstream security
notfound 685323 geshi/1.0.8.4-1
close 685323 geshi/1.0.8.4-1
thanks

Bug supposedly affected langwiz.php where a leftover var_dump($_GET) could pose an XSS risk if deployed on a public-facing webserver. [1]

That file does not exist in the source version of php-geshi packaged by Debian. It was formerly known as langcheck.php, which is shipped by php-geshi 1.0.8.4-1 in doc/examples/, but the vulnerability was not introduced until later.

[1] http://geshi.svn.sourceforge.net/viewvc/geshi/trunk/geshi-1.0.X/src/contrib/langwiz.php?r1=2508r2=2507pathrev=2508

Regards,
--
Steven Chamberlain
ste...@pyro.eu.org

--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
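A packaging-side check for the pattern named in the message above (a debug dump of request data left in a shipped PHP script), as an added example that is not part of the original thread or of GeSHi. The regular expressions, function names and the sample PHP are constructed for illustration.

```python
import re
from pathlib import Path

# Dump functions write their argument to the response without HTML-escaping.
# Function names are case-insensitive in PHP; superglobal names are not.
DUMP = re.compile(r"\b((?i:var_dump|print_r|var_export))\s*\(\s*"
                  r"(\$_(?:GET|POST|REQUEST|COOKIE)\b[^;]*)")
# print_r/var_export with a true second argument return a string instead.
RETURN_MODE = re.compile(r",\s*true\s*\)", re.IGNORECASE)

def scan_php_source(text):
    """Return (line_number, stripped_line) for each direct dump of request data."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*", "/*")):
            continue  # heuristic: skips whole-line comments only
        match = DUMP.search(line)
        if not match:
            continue
        func, args = match.group(1).lower(), match.group(2)
        if func != "var_dump" and RETURN_MODE.search(args):
            continue  # value is returned, not printed, at this call
        hits.append((number, stripped))
    return hits

def scan_tree(root):
    """Map each *.php file under root (relative path) to its hits."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_php_source(path.read_text(errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

# Constructed sample, not taken from GeSHi.
SAMPLE = """<?php
// var_dump($_GET);
var_dump($_GET);
$log = print_r($_POST, true);
echo htmlspecialchars(print_r($_GET, true), ENT_QUOTES, 'UTF-8');
print_r($_REQUEST);
"""

if __name__ == "__main__":
    for number, line in scan_php_source(SAMPLE):
        print(f"line {number}: {line}")
```

The match is line-based, so a call split across several lines is missed and every hit still needs a manual look before a file is shipped or dropped from doc/examples/.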
Processed (with 1 errors): Re: Bug#685323: Non-persistent XSS vulnerability in contrib script
Processing commands for cont...@bugs.debian.org:

tags 685323 = unreproducible upstream security
Bug #685323 [php-geshi] Non-persistent XSS vulnerability in contrib script
Removed tag(s) moreinfo.
notfound 685323 geshi/1.0.8.4-1
Bug #685323 [php-geshi] Non-persistent XSS vulnerability in contrib script
No longer marked as found in versions geshi/1.0.8.4-1.
close 685323 geshi/1.0.8.4-1
thanks
Stopping processing here.

Please contact me if you need assistance.
--
685323: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685323
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#685323: Non-persistent XSS vulnerability in contrib script
Processing commands for cont...@bugs.debian.org:

close 685323 1.0.8.4-1
Bug #685323 [php-geshi] Non-persistent XSS vulnerability in contrib script
Marked as fixed in versions geshi/1.0.8.4-1.
Bug #685323 [php-geshi] Non-persistent XSS vulnerability in contrib script
Marked Bug as done
thanks
Stopping processing here.

Please contact me if you need assistance.
--
685323: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685323
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#685323: Non-persistent XSS vulnerability in contrib script
Package: php-geshi
Version: 1.0.8.4-1
Severity: serious
Tags: security upstream

GeSHi 1.0.8.11 closes non-persistent XSS vulnerability in a contrib script provided in the GeSHi distribution. The vulnerability can be triggered by an attacker using a specially crafted URL when calling a vulnerable version of the script.

Please upgrade the php-geshi package to the latest upstream version which fixes this issue.

Regards,
upstream.

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php-geshi depends on:
ii php5 5.4.4-4
ii php5-cli 5.4.4-4

php-geshi recommends no packages.
php-geshi suggests no packages.

-- no debconf information