[Bug 810928] CVE-2012-3997 CVE-2012-3998 Review Request: sticky-notes - Sticky notes is a free and open source paste-bin application

https://bugzilla.redhat.com/show_bug.cgi?id=810928

Jan Lieskovsky <jlieskov@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jlieskov@xxxxxxxxxx
            Summary|Review Request:             |CVE-2012-3997 CVE-2012-3998
                   |sticky-notes - Sticky notes |Review Request:
                   |is a free and open source   |sticky-notes - Sticky notes
                   |paste-bin application       |is a free and open source
                   |                            |paste-bin application
              Alias|                            |CVE-2012-3997,
                   |                            |CVE-2012-3998

--- Comment #37 from Jan Lieskovsky <jlieskov@xxxxxxxxxx> ---
--

1) The CVE identifier of CVE-2012-3997 has been assigned to the following
issue:

Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 
0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML
via the (1) paste_user or (2) paste_lang parameter to (a) list.php or (b)
show.php.

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=810928 (this bug)
[2] http://gitorious.org/sticky-notes/sticky-notes/commit/d97475f07520d61af3d20fbaeb2e9a974c190308
[3] http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083169.html
[4] http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083120.html

--

2) The CVE identifier of CVE-2012-3998 has been assigned to the following
issue:

Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5
allow remote attackers to execute arbitrary SQL commands via the (1) paste id
in admin/modules/mod_pastes.php or (2) show.php, (3) user id to
admin/modules/mod_users.php, (4) project to list.php, or (5) session id to
show.php.

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=810928 (this bug)
[2] http://gitorious.org/sticky-notes/sticky-notes/commit/d97475f07520d61af3d20fbaeb2e9a974c190308
[3] http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083169.html
[4] http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083120.html

_______________________________________________
package-review mailing list
package-review@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/package-review


