
Annotation of /10095.adv



Revision 40
Tue Jun 18 15:55:08 2013 UTC (8 years, 1 month ago) by boklm
File size: 1260 byte(s)
Remove CVE links from references

CVE links are now added automatically
ID: MGASA-2013-0163
pubtime: 1370521473
type: security
src:
  2:
    core:
      - php-geshi-1.0.8.11-1.mga2
CVE:
  - CVE-2012-3251
  - CVE-2012-3522
subject: Updated php-geshi package fixes security vulnerabilities
description: |
  Directory traversal and information disclosure (local file inclusion) flaws
  were found in the way the cssgen contrib module (an application to generate
  custom CSS files) of GeSHi, a generic syntax highlighter, performed
  sanitization of the 'geshi-path' and 'geshi-lang-path' HTTP GET / POST
  variables. A remote attacker could provide a specially-crafted URL that,
  when visited, could lead to local file system traversal or, potentially,
  the ability to read the content of any local file accessible with the
  privileges of the user running the webserver (CVE-2012-3251).

  A cross-site scripting (XSS) flaw was found in the way the 'langwiz' example
  script of GeSHi, a generic syntax highlighter, performed sanitization of
  certain HTTP GET / POST request variables (prior to dumping their content).
  A remote attacker could provide a specially-crafted URL that, when visited,
  would lead to arbitrary HTML or web script execution (CVE-2012-3522).
references:
  - http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.html
