A non-persistent Cross-Site Scripting (XSS) flaw was found in sks, an OpenPGP keyserver [1],[2]. A patch is available [3]. A CVE has been requested but has not yet been assigned [4]. [1] https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss [2] https://bugzilla.mozilla.org/show_bug.cgi?id=952077 [3] https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724 [4] http://www.openwall.com/lists/oss-security/2014/05/01/16
Created sks tracking bugs for this issue: Affects: fedora-all [bug 1093801] Affects: epel-6 [bug 1093802]
*** This bug has been marked as a duplicate of bug 1093562 ***