Bug#659899: CVE-2012-0790: XSS

2013-03-17 Thread Tobias Oetiker
Folks, Yesterday Steven Chamberlain wrote: > Hi! > > On 16/03/13 21:53, Salvatore Bonaccorso wrote: > > On Sat, Mar 16, 2013 at 10:47:54PM +0100, Salvatore Bonaccorso wrote: > >> [...] But how about the attached patch for > >> unstable? > > Thank you for that. It does seem like the right way to

Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Antoine Beaupré
On 2013-03-16, Steven Chamberlain wrote: > Another difference is that upstream 2.6.9 used a replacement character > of underscore rather than a dot. Attached is my suggested revision of > Salvatore's patch (also adds filtering of time specifiers). > > I've tested this on an existing wheezy/sid Smo

Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Steven Chamberlain
Another difference is that upstream 2.6.9 used a replacement character of underscore rather than a dot. Attached is my suggested revision of Salvatore's patch (also adds filtering of time specifiers). I've tested this on an existing wheezy/sid SmokePing installation; it stops the injection of qu

Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Steven Chamberlain
Hi! On 16/03/13 21:53, Salvatore Bonaccorso wrote: > On Sat, Mar 16, 2013 at 10:47:54PM +0100, Salvatore Bonaccorso wrote: >> [...] But how about the attached patch for >> unstable? Thank you for that. It does seem like the right way to handle it for wheezy. Your patch seems correct to me. But

Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Salvatore Bonaccorso
On Sat, Mar 16, 2013 at 10:47:54PM +0100, Salvatore Bonaccorso wrote: > Hmm, this will quite sure not be approved. And Jonathan Wiltshire > already commented there. A new upstream version at this stage of the > freeze is not acceptable. But how about the attached patch for > unstable? ... which I

Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Salvatore Bonaccorso
Hi Antoine Dropping Tobias Oetiker again from Cc, don't know if he is actually interested to follow this. But we might/should bring further issues with smokeping to him. On Sat, Mar 16, 2013 at 12:42:39PM -0400, Antoine Beaupré wrote: > Control: found -1 2.6.7-1 > Control: fixed -1 2.6.9-1~exp0 >

Processed: Re: Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Debian Bug Tracking System
Processing control commands: > found -1 2.6.7-1 Bug #659899 [smokeping] CVE-2012-0790: XSS Marked as found in versions smokeping/2.6.7-1; no longer marked as fixed in versions smokeping/2.6.7-1. > fixed -1 2.6.9-1~exp0 Bug #659899 [smokeping] CVE-2012-0790: XSS There is no source info for the pac

Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Antoine Beaupré
Control: found -1 2.6.7-1 Control: fixed -1 2.6.9-1~exp0 Control: fixed -1 2.3.6-5+squeeze1 Control: tags -1 pending Control: block -1 with 703193 On 2013-03-16, Salvatore Bonaccorso wrote: > Control: fixed -1 2.6.7-1 > > Hi Steven > > On Sat, Mar 16, 2013 at 12:40:04PM +, Steven Chamberlain w

Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Steven Chamberlain
Hi, On 16/03/13 13:56, Adam D. Barratt wrote: >> On Sat, 2013-03-16 at 12:40 +, Steven Chamberlain wrote: >> No longer marked as fixed in versions smokeping/2.6.7-1. > > Is that really what you meant to do? I can't remember now, so it was probably a mistake, but now I can think of a reason t

Processed: Re: Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Debian Bug Tracking System
Processing control commands: > fixed -1 2.6.7-1 Bug #659899 [smokeping] CVE-2012-0790: XSS Marked as fixed in versions smokeping/2.6.7-1. -- 659899: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659899 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE,

Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Salvatore Bonaccorso
Control: fixed -1 2.6.7-1 Hi Steven On Sat, Mar 16, 2013 at 12:40:04PM +, Steven Chamberlain wrote: > Control: reopen -1 Hmm, as Adam wrote, was this intentional? Because this way we lost the version tracking for already fixed version. BTS handles fixed versions already. Btw, it's a nice ti

Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Adam D. Barratt
On Sat, 2013-03-16 at 12:40 +, Steven Chamberlain wrote: > Control: reopen -1 [...] > squeeze is vulnerable, as seen on the Navigator Graph page by changing > the displaymode in the URL. It gets echoed back by this: " Bug reopened No longer marked as fixed in versions smokeping/2.6.7-1. " Is

Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Steven Chamberlain
On 16/03/13 12:40, Steven Chamberlain wrote: > and the generated HTML contains: > > SRC="/smokeping/images/__navcache/136343653521739_now" oops > "_1363423440.png"> > > Fortunately though, it doesn't seem possible to use an equals sign in > these parameters, and so I don't see a way to perform X

Processed: Re: Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Debian Bug Tracking System
Processing control commands: > reopen -1 Bug #659899 {Done: Antoine Beaupré } [smokeping] CVE-2012-0790: XSS 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to re-add them. Bug reopened No longer marked as fixed in vers

Bug#659899: CVE-2012-0790: XSS

2013-03-16 Thread Steven Chamberlain
Control: reopen -1 Hi, squeeze is vulnerable, as seen on the Navigator Graph page by changing the displaymode in the URL. It gets echoed back by this: > return "ERROR: unknown displaymode $mode" I'm not convinced the 'blacklist characters' approach was a great way to handle it, but at least in
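The thread above turns on two points: a request parameter (displaymode, and the navigator time parameters) being echoed raw into HTML via a string like "ERROR: unknown displaymode $mode", and whether a blacklist of characters replaced with "_" is an adequate fix compared with validating the values. The following is an added illustration, not SmokePing code and not any of the patches discussed (SmokePing itself is Perl; Python is used here only to model the pattern). The set of valid modes, the time-specifier grammar and the probe strings are constructed assumptions for the demonstration.

```python
import html
import re

# Constructed inputs for the demonstration (not from the bug report itself).
BENIGN_MODE = "n"
SCRIPT_PROBE = '"><script>alert(1)</script>'
ATTR_PROBE = '" onerror="alert(1)'

# Assumed set of valid displaymode values, used only to illustrate whitelisting.
KNOWN_MODES = frozenset({"n", "a", "d"})

# Assumed shape of a navigator time specifier: an epoch timestamp, "now", or
# "now" with one offset such as "now-1d". Real SmokePing/RRDtool syntax is
# richer; this is a deliberately strict illustration of filtering time specs.
TIME_SPEC = re.compile(r"^(?:\d{1,12}|now(?:[-+]\d{1,6}[smhdwy])?)$")


def render_error_unsafe(mode: str) -> str:
    """Models the reported pattern: the request parameter is interpolated raw."""
    return f"ERROR: unknown displaymode {mode}"


def render_error_escaped(mode: str) -> str:
    """Output encoding: same message, untrusted value HTML-escaped for any context."""
    return f"ERROR: unknown displaymode {html.escape(mode, quote=True)}"


def render_img_unsafe(start: str) -> str:
    """Models a cache image URL built from a time parameter inside a quoted attribute."""
    return f'<IMG SRC="/smokeping/images/__navcache/{start}_1363423440.png">'


# Blacklist: replace a fixed set of characters with "_" (the replacement
# character the thread says upstream 2.6.9 used). Whether this is safe depends
# entirely on the list covering every character meaningful in every output
# context the value later reaches; a narrower list leaves attribute breakouts.
WIDE_BLACKLIST = re.compile(r"[<>\"'&]")
NARROW_BLACKLIST = re.compile(r"[<>]")


def blacklist_sanitize(value: str, pattern: re.Pattern = WIDE_BLACKLIST) -> str:
    return pattern.sub("_", value)


# Whitelist: accept only a known mode or a well-formed time specifier.
def is_valid_mode(mode: str) -> bool:
    return mode in KNOWN_MODES


def is_valid_time_spec(spec: str) -> bool:
    return TIME_SPEC.fullmatch(spec) is not None


def handle_displaymode(mode: str) -> str:
    """Validate first; if the value is rejected, still escape it when echoing it."""
    if is_valid_mode(mode):
        return f"displaymode {mode} accepted"
    return render_error_escaped(mode)


if __name__ == "__main__":
    print(render_error_unsafe(SCRIPT_PROBE))                      # script tag reaches the page
    print(render_error_escaped(SCRIPT_PROBE))                     # entities only
    print(blacklist_sanitize(SCRIPT_PROBE))                       # tags defanged with "_"
    print(render_img_unsafe(blacklist_sanitize(ATTR_PROBE, NARROW_BLACKLIST)))  # onerror survives
    print(handle_displaymode(SCRIPT_PROBE))
```

Running it side by side shows why the reviewers were uneasy with character blacklisting alone: the wide list happens to neutralise both probes, the narrow list lets the attribute-injection probe through untouched, and neither tells you anything about whether the value is a legitimate mode or time specifier. Validating against the known set (or a strict grammar) and escaping on output are each independent of which characters an attacker chooses.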