Hello,
while browsing the ELOG entries at Secunia, I saw that my
security bugs in ELOG were only marked as partially fixed.
After some investigation, I found out that one more patch
was needed to close the XSS bug when handling Categories
(more specifically, when Adding a new Category called
something like "><script>alert(1096)</script>, that piece
of JavaScript will be executed when other users click on
New, which is bad). I have attached a patch for this too.
I also noticed that two other vulnerabilities in ELOG
were marked as Unpatched. Are these two fixed, Stefan?
o http://secunia.com/advisories/18124/
o http://secunia.com/advisories/22057/
Regards, Ulf Harnhammar
--- src/elogd.c.old 2006-11-28 12:25:59.000000000 +0100
+++ src/elogd.c 2006-12-02 20:37:44.000000000 +0100
@@ -9685,7 +9685,7 @@ void show_edit_form(LOGBOOK * lbs, int m
rsprintf("<option value=\"\">- %s -\n", loc("please
select"));
for (i = 0; i < MAX_N_LIST && attr_options[index][i][0];
i++) {
- strlcpy(str, attr_options[index][i], sizeof(str));
+ strencode2(str, attr_options[index][i], sizeof(str));
if (strchr(str, '{'))
*strchr(str, '{') = 0;
