Bug 1369764

Summary: ganglia-web 3.7.2 needed to fix XSS
Product: [Fedora] Fedora EPEL
Reporter: Dave Love <dave.love>
Component: ganglia
Assignee: Nick <nick>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: el6
CC: anemec, ggillies, jose.p.oliveira.oss, k.georgiou, nick, terje.rosten
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Last Closed: 2016-08-24 14:25:50 UTC
Type: Bug

Description Dave Love 2016-08-24 11:13:34 UTC
Description of problem:

The release notes for ganglia-web 3.7.2 say it fixes an XSS issue.
http://ganglia.info/?p=619

Version-Release number of selected component (if applicable):

ganglia-web-3.7.1-2

Comment 1 Andrej Nemec 2016-08-24 12:37:33 UTC
(In reply to Dave Love from comment #0)
> Description of problem:
> 
> The release notes for ganglia-web 3.7.2 say it fixes an XSS issue.
> http://ganglia.info/?p=619
> 
> Version-Release number of selected component (if applicable):
> 
> ganglia-web-3.7.1-2

Hi David,

According to my information ganglia in Epel-6 should already be at version 3.7.2

fedora:epel:6/ganglia-3.7.2-2.el6

Are you seeing something different?

Comment 2 Dave Love 2016-08-24 14:02:24 UTC
(In reply to Andrej Nemec from comment #1)

> According to my information ganglia in Epel-6 should already be at version
> 3.7.2

But the ganglia-web component isn't.  (I don't think it's el6-specific.)

$ rpm -qlp `yumdownloader --source --urls ganglia|&tail -1`
conf.php
ganglia-3.7.2.tar.gz
ganglia-httpd.conf.d
ganglia-httpd24.conf.d
ganglia-web-3.5.7-statedir.patch
ganglia-web-3.7.1.tar.gz
ganglia.spec
gmetad.service
gmond.service

Comment 3 Andrej Nemec 2016-08-24 14:25:50 UTC
(In reply to Dave Love from comment #2)
> (In reply to Andrej Nemec from comment #1)
> 
> > According to my information ganglia in Epel-6 should already be at version
> > 3.7.2
> 
> But the ganglia-web component isn't.  (I don't think it's el6-specific.)
> 
> $ rpm -qlp `yumdownloader --source --urls ganglia|&tail -1`
> conf.php
> ganglia-3.7.2.tar.gz
> ganglia-httpd.conf.d
> ganglia-httpd24.conf.d
> ganglia-web-3.5.7-statedir.patch
> ganglia-web-3.7.1.tar.gz
> ganglia.spec
> gmetad.service
> gmond.service

Ok,

I have created a security flaw and trackers for this issue. Thanks for the report! I will close this flaw now.

*** This bug has been marked as a duplicate of bug 1369844 ***
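
The mismatch shown in comment 2 (package at 3.7.2, bundled ganglia-web tarball at 3.7.1) can be checked mechanically from an SRPM file listing. The script below is an added example, not part of the bug report or of the Fedora packaging; the function names are hypothetical, and the sample listing is the one from comment 2.

```shell
#!/bin/sh
# Added example: audit the source tarballs bundled in an SRPM file listing
# against the first fixed version of a component.
# Real use (assumes a downloaded SRPM):
#   rpm -qlp ganglia-*.src.rpm | check_bundled ganglia-web 3.7.2

# Listing copied from comment 2 of this bug.
SAMPLE_LISTING='conf.php
ganglia-3.7.2.tar.gz
ganglia-httpd.conf.d
ganglia-httpd24.conf.d
ganglia-web-3.5.7-statedir.patch
ganglia-web-3.7.1.tar.gz
ganglia.spec
gmetad.service
gmond.service'

# Print "name version" for every versioned source tarball read from stdin.
# Patches and other files are ignored, so the 3.5.7 in the patch name is not
# mistaken for a bundled version.
bundled_versions() {
    sed -n 's/^\(.*\)-\([0-9][0-9.]*\)\.tar\.[a-z0-9]*$/\1 \2/p'
}

# Succeed when dotted version $1 is lower than $2 (numeric, field by field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "[.]"); m = split(b, y, "[.]")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Read a listing on stdin and compare component $1 with fixed version $2.
# Returns 0 = fixed version or newer, 1 = older than fixed, 2 = not bundled.
check_bundled() {
    found=$(bundled_versions | awk -v c="$1" '$1 == c { print $2; exit }')
    [ -n "$found" ] || { echo "$1: not bundled"; return 2; }
    if version_lt "$found" "$2"; then
        echo "$1: bundled $found is older than fixed version $2"
        return 1
    fi
    echo "$1: bundled $found (>= $2)"
}

# Run on the constructed sample; the non-zero status is expected here.
printf '%s\n' "$SAMPLE_LISTING" | check_bundled ganglia-web 3.7.2 || true
```

The check keys on the tarball name inside the SRPM, not on the package NVR, which is why it catches the case where `ganglia-3.7.2-2.el6` still ships `ganglia-web-3.7.1.tar.gz`.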