https://bugzilla.redhat.com/show_bug.cgi?id=1295436

            Bug ID: 1295436
           Summary: CVE-2015-8508 bugzilla: cross-site scripting when generating a dependency graph
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team@xxxxxxxxxx
          Reporter: mprpic@xxxxxxxxxx
                CC: bazanluis20@xxxxxxxxx, emmanuel@xxxxxxxxx,
                    itamar@xxxxxxxxxxxxxxxx,
                    perl-devel@xxxxxxxxxxxxxxxxxxxxxxx

Upstream Bugzilla fixed the following issue:

During the generation of a dependency graph, the code for the HTML image map is
generated locally if a local dot installation is used. With escaped HTML
characters in a bug summary, it is possible to inject unfiltered HTML code in
the map file which the CreateImagemap function generates. This could be used for
a cross-site scripting attack.

This issue was fixed in versions 4.2.16, 4.4.11, and 5.0.2.

Upstream bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=1221518

--
You are receiving this mail because:
You are on the CC list for the bug.
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
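The failure class described in the report, as an added example that is not Bugzilla's code and is modelled in Python rather than Bugzilla's Perl: text that was escaped once is decoded by an external renderer, read back from its map file, and copied into HTML without being escaped again. The map line layout, the `simulate_dot` stand-in, the function names and the sample summary are all assumptions constructed for illustration.

```python
import html
import re

# Assumed layout of one line of a renderer-produced map file; the report does
# not show the real format, so this is illustrative only.
MAP_LINE = re.compile(r'^rectangle \((\d+),(\d+)\) \((\d+),(\d+)\) (\S+) (.*)$')

def simulate_dot(summary):
    """Stand-in for the external renderer (assumption): it decodes HTML
    entities in the label before writing the map line."""
    return ("rectangle (10,20) (110,60) "
            "https://bugs.example/show_bug.cgi?id=1 " + html.unescape(summary))

def area_unescaped(line):
    """Pre-fix pattern: fields read from the map file are trusted as safe."""
    m = MAP_LINE.match(line)
    if not m:
        return ""
    x1, y1, x2, y2, url, label = m.groups()
    return (f'<area shape="rect" title="{label}" href="{url}" '
            f'coords="{x1},{y1},{x2},{y2}">')

def area_escaped(line):
    """Hardened pattern: coordinates must be digits (enforced by the regex)
    and every text field is escaped again at the point of HTML output."""
    m = MAP_LINE.match(line)
    if not m:
        return ""  # refuse lines that do not match the expected shape
    x1, y1, x2, y2, url, label = m.groups()
    return ('<area shape="rect" title="{}" href="{}" coords="{},{},{},{}">'
            .format(html.escape(label, quote=True),
                    html.escape(url, quote=True), x1, y1, x2, y2))

# Constructed summary containing already-escaped HTML characters.
SUMMARY = 'x&quot;&gt;&lt;b&gt;marker&lt;/b&gt;'

if __name__ == "__main__":
    line = simulate_dot(SUMMARY)
    print("map line :", line)
    print("unescaped:", area_unescaped(line))
    print("escaped  :", area_escaped(line))
```

In the unescaped output the title attribute is closed early and the `<b>` element becomes live markup; in the escaped output the same text stays inside the attribute as data.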