oss-sec mailing list archives
Re: Cgit XSS "vulnerability" has no CVE?
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Mon, 7 Mar 2016 20:29:37 +0100
On Mon, Mar 7, 2016 at 7:46 PM, Peter Bex <peter () more-magic net> wrote:
Considering that it's been "fixed", I thought a CVE might be useful to trigger distros to include the patch. Without a CVE, distros like Debian and RedHat will keep using the unpatched version, which is a shame if such an easy fix is available.
Considering so many of the other example filters have the same problem, I don't think this will buy much. However, after I revamp the example filters into a nice "one stop" solution for lots of filetypes, we can start promoting that various places for its security benefits.
Current thread:
- Cgit XSS "vulnerability" has no CVE? Peter Bex (Mar 05)
- Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Peter Bex (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Peter Bex (Mar 07)