Thanks. So I should download all the source from the git repo, as it seems 1.1.6 doesn’t have the fixes?
> On Jun 30, 2018, at 13:55, Christiaan de Die le Clercq <cont...@techwolf12.nl> wrote:
>
> Hi Eric,
>
> The flag is set when SKS-Keyserver is vulnerable to XSS injection,
> which is testable by going here:
> http://<YOUR SKS SERVER>/pks/lookup/undefined1%3CScRiPt%3Eprompt(972363)%3C/ScRiPt%3E
>
> More info on here:
> https://bitbucket.org/skskeyserver/sks-keyserver/issues/26/cve-2014-3207-unfiltered-xss
> and on here https://nvd.nist.gov/vuln/detail/CVE-2014-3207
>
> Kind regards,
>
> Christiaan de Die le Clercq
>
> On 30-6-2018 at 3:20 PM, Eric Germann wrote:
>> Greetings,
>>
>> Can anyone shed some light on what causes the “Vulnerable to
>> CVE-2014-3207” flag to be set in the status page
>> (https://sks-keyservers.net/status/ks-status.php?server=<servername>)
>> for a server?
>>
>> Build configuration is sks-1.1.6 from source, nginx 1.15.0 configured as
>> laid out in https://keyserver.mattrude.com/guides/building-server/
>>
>> After a boot, the key server will show “No” in the CVE field and it
>> appears to be eligible for pool inclusion. After a while, it moves to
>> “Yes” and appears to be ineligible.
>>
>> I’m trying to understand what changes from just running as the CVE seems
>> to be on the SKS server side.
>>
>> Thanks for any insight
>>
>> EKG
>>
>> _______________________________________________
>> Sks-devel mailing list
>> Sks-devel@nongnu.org
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
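The check described in the quoted reply, written out as an added example (not part of the original thread, and not the pool status page's own code): it builds the probe URL for your own keyserver and classifies the response by whether the marker comes back with raw or HTML-escaped angle brackets. The function names, the `keyserver.example` host and the two sample bodies are constructed for illustration.

```python
import html
import urllib.error
import urllib.request
from urllib.parse import quote

# Probe path and marker exactly as quoted in the thread.
PROBE_PATH = "/pks/lookup/undefined1"
PAYLOAD = "<ScRiPt>prompt(972363)</ScRiPt>"

# Constructed sample bodies (assumptions, not captured SKS output).
SAMPLE_RAW = "<html><body>Page not found: " + PROBE_PATH + PAYLOAD + "</body></html>"
SAMPLE_ESCAPED = ("<html><body>Page not found: " + PROBE_PATH
                  + html.escape(PAYLOAD) + "</body></html>")


def probe_url(base_url: str) -> str:
    """Return the test URL for your own server, marker percent-encoded."""
    return base_url.rstrip("/") + PROBE_PATH + quote(PAYLOAD, safe="()/")


def classify(body: str) -> str:
    """Classify the body returned for the probe request.

    'vulnerable'    : marker echoed with raw angle brackets (live markup)
    'escaped'       : marker echoed HTML-escaped (inert text)
    'not-reflected' : marker absent from the response
    """
    lowered = body.lower()
    if PAYLOAD.lower() in lowered:
        return "vulnerable"
    if html.escape(PAYLOAD).lower() in lowered:
        return "escaped"
    return "not-reflected"


def check_server(base_url: str, timeout: float = 10.0) -> str:
    """Fetch the probe URL from a server you operate and classify the reply."""
    try:
        with urllib.request.urlopen(probe_url(base_url), timeout=timeout) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        # A non-2xx error page still has a body; read it rather than failing.
        body = err.read()
    return classify(body.decode("utf-8", "replace"))


if __name__ == "__main__":
    print(probe_url("http://keyserver.example"))
    print(classify(SAMPLE_RAW), classify(SAMPLE_ESCAPED))
```

With nginx in front of SKS as in the setup described, run `check_server` against the public hostname so the result reflects what an outside client sees.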