Bug#349528: various unfixed security bugs

2006-01-23 Thread Stefan Ritt
d infinite redirection with ?fail=1 CCing to Stefan. [Stefan: Please keep the discussion CCed to the bug report] Regards, -- Dr. Stefan Ritt Phone: +41 56 310 3728 Paul Scherrer Institute FAX: +41 56 310 2199 OLGA/021 mailto:[EMAIL PROTECTED] CH-5232 Villige

Bug#349528: Security bugs in elog

2006-01-24 Thread Stefan Ritt
333: Fixed crashes with very long (revisions) attributes I believe so. Is this list complete as far as fixes past r1202 are concerned? What about r1487, is it a significant DoS condition? Yes. Best regards, Stefan -- Dr. Stefan Ritt Phone: +41 56 310 3728 Paul Scherrer Institute

Bug#392016: Further security patching of ELOG

2007-02-16 Thread Stefan Ritt
containing JavaScript - Doing a search by entering JavaScript in an attribute search field - Entering JavaScript in a quick filter text box. The fixes are contained in SVN revision 1792. Regards, Stefan Ritt

Bug#389361: XSS vulnerability fixed

2006-09-27 Thread Stefan Ritt
The reported XSS vulnerability has been fixed in SVN revision 1719 of elog by not allowing HTML mode by default. This mode has to be enabled explicitly by setting "Allowed encoding = 7". Cheers, Stefan