Bug 459605 (CVE-2008-3714)
Summary: | CVE-2008-3714 awstats: Cross-site scripting (XSS) vulnerability | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | gauret, rpm |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-10-01 18:02:59 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 459741, 459742, 459743, 459865 | ||
Bug Blocks: |
Description
Jan Lieskovsky
2008-08-20 13:53:37 UTC
CVE-2008-3714: This issue affects the versions of the awstats package as shipped with Fedora 8, Fedora 9 and version of the awstats package, as shipped within the Extra Packages for Enterprise Linux (EPEL) project. I am having issues accessing the Fedora CVS server to update the package. I know the Infrastructure team is fixing a pretty big problem, is there any way we could update this package ? Aurelien, there's not alternate way at the moment, afaik. So we'll have to wait until infrastructure is restored again, which will hopefully happen soon now. For some reason an EPEL5 bug didn't get opened so I created bug #459865. Can't work out how to make it Fedora contributor-only though. awstats-6.8-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. awstats-6.8-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-7684 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-7663 |