On Tue, Sep 12, 2017 at 09:30:19PM +0200, Salvatore Bonaccorso wrote:
> Hi Dominic,
>
> On Tue, Sep 12, 2017 at 04:34:14PM +0100, Dominic Hargreaves wrote:
> > On Tue, Sep 12, 2017 at 06:33:02AM +0200, Salvatore Bonaccorso wrote:
> > > Control: retitle -1 wordpress-shibboleth: CVE-2017-14313: XSS
Hi Dominic,
On Tue, Sep 12, 2017 at 04:34:14PM +0100, Dominic Hargreaves wrote:
> On Tue, Sep 12, 2017 at 06:33:02AM +0200, Salvatore Bonaccorso wrote:
> > Control: retitle -1 wordpress-shibboleth: CVE-2017-14313: XSS due to
> > add_query_arg
> >
> > Hi Dominic, Craig, Michael,
> >
> > FTR, I
On Tue, Sep 12, 2017 at 06:33:02AM +0200, Salvatore Bonaccorso wrote:
> Control: retitle -1 wordpress-shibboleth: CVE-2017-14313: XSS due to
> add_query_arg
>
> Hi Dominic, Craig, Michael,
>
> FTR, I requested a CVE for this issue and it got assigned
> CVE-2017-14313.
Thanks. I assume you
Great, thanks for confirming Michael.
Dominic.
On Mon, Sep 11, 2017 at 02:14:05PM +, Michael McNeill wrote:
> Dominic,
>
> After reviewing, it does appear that 1.4 is vulnerable to the XSS attack
> and should be patched using the same patch made here:
>
Control: retitle -1 wordpress-shibboleth: CVE-2017-14313: XSS due to
add_query_arg
Hi Dominic, Craig, Michael,
FTR, I requested a CVE for this issue and it got assigned
CVE-2017-14313.
Regards,
Salvatore
Dominic,
After reviewing, it does appear that 1.4 is vulnerable to the XSS attack
and should be patched using the same patch made here:
https://github.com/michaelryanmcneill/shibboleth/blob/1d65ad6786282d23ba1865f56e2fd19188e7c26a/shibboleth.php#L463
Please let me know if you have additional
On Mon, Sep 11, 2017 at 03:21:08AM +, Craig Small wrote:
> On Wed, 6 Sep. 2017, 07:03 Dominic Hargreaves wrote:
>
> > I have just become aware of an old security issue that was fixed
> > in upstream:
> >
> >
> >
On Wed, 6 Sep. 2017, 07:03 Dominic Hargreaves wrote:
> I have just become aware of an old security issue that was fixed
> in upstream:
>
>
> https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
>
Package: wordpress-shibboleth
Version: 1.4-2
Severity: important
X-Debbugs-Cc: csm...@debian.org
Tags: security
I have just become aware of an old security issue that was fixed
in upstream:
https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
As far