On Tue, Mar 05, 2013 at 03:26:46PM +0100, Salvatore Bonaccorso wrote:
> Hi Raphael, Ganglia maintainers
>
> On Thu, Feb 21, 2013 at 02:50:13PM +0100, Raphael Geissert wrote:
> > The other operations related to views (in views_view.php) are all
> > still vulnerable to XSS via the view_name GET parameter.
>
> Also reported this now to upstream issue tracker, sorry for the delay.
>
> https://github.com/ganglia/ganglia-web/issues/160
>
> Please include also the CVE for this issue in the changelog when
> fixing the issue, it's assigned CVE-2013-1770.

Upstream committed a fix for this issue:

https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6

Regards,
Salvatore