Contents of /10095.adv

Revision 40
Tue Jun 18 15:55:08 2013 UTC (3 years, 11 months ago) by boklm
File size: 1260 byte(s)
Remove CVE links from references

CVE links are now added automatically

ID: MGASA-2013-0163
pubtime: 1370521473
type: security
src:
  2:
    core:
      - php-geshi-1.0.8.11-1.mga2
CVE:
  - CVE-2012-3251
  - CVE-2012-3522
subject: Updated php-geshi package fix security vulnerabilities
description: |
  A directory traversal and information disclosure (local file inclusion) flaws
  were found in the cssgen contrib module (application to generate custom CSS
  files) of GeSHi, a generic syntax highlighter, performed sanitization of
  'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote
  attacker could provide a specially-crafted URL that, when visited could lead
  to local file system traversal or, potentially, ability to read content of
  any local file, accessible with the privileges of the user running the
  webserver (CVE-2012-3251).

  A cross-site scripting (XSS) flaw was found in the way 'langwiz' example
  script of GeSHi, a generic syntax highlighter, performed sanitization of
  certain HTTP GET / POST request variables (prior dumping their content). A
  remote attacker could provide a specially-crafted URL that, when visited
  would lead to arbitrary HTML or web script execution (CVE-2012-3522).
references:
  - http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.html