The vulnerability does NOT exist in eGroupWare, as the code does NOT get
called:
// finally our print our footer
if (is_object($GLOBALS['egw'])) {
    $GLOBALS['egw']->common->egw_footer();
} else {
    require_once(APP_ROOT . '/includes/system_footer.php');
}
include/system_footer.php
On Tuesday, 4 September 2007 03:09, Nico Golde wrote:
> I have no running installation so I could just look at the
> source code and it is clearly vulnerable.
I think this code isn't actually called. It'd still be good to get this
fixed, though, but it's not really that critical.
--
Hi,
sorry, forget my latest mail, wrong bug number.
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
this time it's the right bug number.
I intend to 0-day NMU this bug.
I attached a patch for the NMU which fixes the XSS
vulnerability.
It will also be archived on:
http://people.debian.org/~nion/nmu-diff/egroupware-phpsysinfo-1.2.107-2.dfsg-1-1.2.107-2.dfsg-1.1.patch
Kind regards
Nico
--
tags 435937 +experimental
Hi,
1.4.001.dfsg-2 in experimental is also vulnerable.
With kind regards, Jan.
--
Never write mail to [EMAIL PROTECTED], you have been warned!
Nico Golde wrote:
> I attached a patch for the NMU which fixes the XSS
> vulnerability.
Were you in fact able to verify that the vulnerability exists?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Hi,
* Peter Eisentraut [EMAIL PROTECTED] [2007-09-04 02:18]:
> Nico Golde wrote:
> > I attached a patch for the NMU which fixes the XSS
> > vulnerability.
> Were you in fact able to verify that the vulnerability exists?
I have no running installation so I could just look at the
source code and it is
Hi,
I intend to 0-day NMU this bug.
I attached a patch for the NMU; it will also be archived on:
http://people.debian.org/~nion/nmu-diff/phpsysinfo_2.5.1-6-2.5.1-6.1.patch
Kind regards
Nico
--
tags 435937 + unreproducible
stop
Florian Weimer wrote:
> Package: egroupware-phpsysinfo
> Version: 1.2.106-2.dfsg-3
> Tags: security
> A XSS vulnerability in phpsysinfo has been disclosed:
> http://example.com/phpsysinfo-path/index.php/XSS
> This is CVE-2007-4048. Please mention this name in the
* Peter Eisentraut:
> tags 435937 + unreproducible
> stop
> Florian Weimer wrote:
> > Package: egroupware-phpsysinfo
> > Version: 1.2.106-2.dfsg-3
> > Tags: security
> > A XSS vulnerability in phpsysinfo has been disclosed:
> > http://example.com/phpsysinfo-path/index.php/XSS
> > This is CVE-2007-4048. Please
Package: egroupware-phpsysinfo
Version: 1.2.106-2.dfsg-3
Tags: security
A XSS vulnerability in phpsysinfo has been disclosed:
http://example.com/phpsysinfo-path/index.php/XSS
This is CVE-2007-4048. Please mention this name in the changelog when
fixing this bug.
--
Florian Weimer wrote:
> A XSS vulnerability in phpsysinfo has been disclosed:
> http://example.com/phpsysinfo-path/index.php/XSS
That URL doesn't exist.