Bug 452549 (CVE-2008-6746)
Summary: | CVE-2008-6746 turba: XSS issue in the contact view | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | dev |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-08-27 11:16:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomas Hoger
2008-06-23 17:35:48 UTC
turba-2.2.1-1.fc9 has been submitted as an update for Fedora 9 turba-2.2.1-1.fc8 has been submitted as an update for Fedora 8 (In reply to comment #0) > Rawhide already has 2.2.1 (turba-2.2.1-1.fc10). There's no contact.php in 2.1.7 > currently in F8 and F9, and I failed to find this code elsewhere. Double-check > is appreciated though. Thanks, my plan was already to update F-8/F-9 to 2.2.1. Feel free to untag the updates as security though. Also EPEL-5 now has an updated version (2.2.1). turba-2.2.1-1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update turba'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-5652 (In reply to comment #3) > Thanks, my plan was already to update F-8/F-9 to 2.2.1. Feel free to untag the > updates as security though. Given the information in comment #0, I changed them to enhancement. Feel free to request stable as needed. Sorry for the delay. No further action needed here, closing. CVE-2008-6746: Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name. |