Bug#874416: wordpress-shibboleth: XSS due to add_query_arg

2017-09-14 Thread Dominic Hargreaves
On Tue, Sep 12, 2017 at 09:30:19PM +0200, Salvatore Bonaccorso wrote: > Hi Dominic, > > On Tue, Sep 12, 2017 at 04:34:14PM +0100, Dominic Hargreaves wrote: > > On Tue, Sep 12, 2017 at 06:33:02AM +0200, Salvatore Bonaccorso wrote: > > > Control: retitle -1 wordpress-shibboleth: CVE-2017-14313: XSS

Bug#874416: wordpress-shibboleth: XSS due to add_query_arg

2017-09-12 Thread Salvatore Bonaccorso
Hi Dominic, On Tue, Sep 12, 2017 at 04:34:14PM +0100, Dominic Hargreaves wrote: > On Tue, Sep 12, 2017 at 06:33:02AM +0200, Salvatore Bonaccorso wrote: > > Control: retitle -1 wordpress-shibboleth: CVE-2017-14313: XSS due to > > add_query_arg > > > > Hi Dominic, Craig, Michael, > > > > FTR, I

Bug#874416: wordpress-shibboleth: XSS due to add_query_arg

2017-09-12 Thread Dominic Hargreaves
On Tue, Sep 12, 2017 at 06:33:02AM +0200, Salvatore Bonaccorso wrote: > Control: retitle -1 wordpress-shibboleth: CVE-2017-14313: XSS due to > add_query_arg > > Hi Dominic, Craig, Michael, > > FTR, I requested a CVE for this issue and it got assigned > CVE-2017-14313. Thanks. I assume you

Bug#874416: wordpress-shibboleth: XSS due to add_query_arg

2017-09-12 Thread Dominic Hargreaves
Great, thanks for confirming Michael. Dominic. On Mon, Sep 11, 2017 at 02:14:05PM +, Michael McNeill wrote: > Dominic, > > After reviewing, it does appear that 1.4 is vulnerable to the XSS attack > and should be patched using the same patch made here: >

Bug#874416: wordpress-shibboleth: XSS due to add_query_arg

2017-09-11 Thread Salvatore Bonaccorso
Control: retitle -1 wordpress-shibboleth: CVE-2017-14313: XSS due to add_query_arg Hi Dominic, Craig, Michael, FTR, I requested a CVE for this issue and it got assigned CVE-2017-14313. Regards, Salvatore

Bug#874416: wordpress-shibboleth: XSS due to add_query_arg

2017-09-11 Thread Michael McNeill
Dominic, After reviewing, it does appear that 1.4 is vulnerable to the XSS attack and should be patched using the same patch made here: https://github.com/michaelryanmcneill/shibboleth/blob/1d65ad6786282d23ba1865f56e2fd19188e7c26a/shibboleth.php#L463 Please let me know if you have additional

Bug#874416: wordpress-shibboleth: XSS due to add_query_arg

2017-09-11 Thread Dominic Hargreaves
On Mon, Sep 11, 2017 at 03:21:08AM +, Craig Small wrote: > On Wed, 6 Sep. 2017, 07:03 Dominic Hargreaves wrote: > > > I have just become aware of an old security issue that was fixed > > in upstream: > > > > > >

Bug#874416: wordpress-shibboleth: XSS due to add_query_arg

2017-09-10 Thread Craig Small
On Wed, 6 Sep. 2017, 07:03 Dominic Hargreaves wrote: > I have just become aware of an old security issue that was fixed > in upstream: > > > https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a >

Bug#874416: wordpress-shibboleth: XSS due to add_query_arg

2017-09-05 Thread Dominic Hargreaves
Package: wordpress-shibboleth Version: 1.4-2 Severity: important X-Debbugs-Cc: csm...@debian.org Tags: security I have just become aware of an old security issue that was fixed in upstream: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a As far