oss-sec mailing list archives

Re: Re: CVE request: LetoDMS, more issues
From: Raphael Geissert <geissert () debian org>
Date: Wed, 31 Oct 2012 17:30:28 -0600

On Wednesday 31 October 2012 09:31:13 Kurt Seifried wrote:
On 10/30/2012 01:28 PM, Raphael Geissert wrote:
On Friday 05 October 2012 23:11:36 Raphael Geissert wrote:
Regression in the above patch (fixed after the release of

Does this regression cause a security issue (e.g. did accidentally
putting htmlspecialchars() in actually cause a new XSS?).

I don't think so. The commit log says[1]:
"no need to escape with htmlspecialchars() because UI::contentSubHeading() 
does it too."


Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
