|
Message-ID: <516F08C9.2040700@redhat.com> Date: Wed, 17 Apr 2013 14:40:41 -0600 From: Kurt Seifried <kseifried@...hat.com> To: Open Source Security <oss-security@...ts.openwall.com> Subject: Fwd: Re: CVE Request: ownCloud 5.0.5 and 4.5.10 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This was brought to my attention: https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd +* Fixed possible XSS attack through `file=` parameter in `flashmediaelement.swf` This may have been requested already, I haven't seen it. Please use CVE-2013-1967 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRbwjJAAoJEBYNRVNeJnmTRYIQALmGiZ9R7D2yuV3D+8EWTON4 29y17zF2yfMdGgG98HXBVhNWCFST1qjhSzdDLZA1iH5B9cxI9m80ztB3ELehXemJ TZuv6kadgxbQN64hPbTP+TfoRpsIqA5cwdIitFbC5FhOm6K6tCySUlFxD9xrmiFf AVhMjGexIsbnuqSHAYHJGwWD2SIesF8rGNcOzb2AWLQvYetUcd2r62RZiaIbJi9m kqGOnjvnFS7RicL/xeJagkQD/9zuRXaZqstBieV9SyhKgPymvFITVPw9keXiE/W1 D4G/az1f4FJ2Vuyh4qTeKEOVXb7HZDpCCn/mxQja/V0SzAhrh1/d8U29JXPsw03D aAY8tdZKFLU8UmyAsRFiNd09Pud5UV0dag/cNQstVrQnHuriaFurGNKC+bsf0n64 6USjHmtSxc79skB3AilZmhmPQPFB5T0nG/47P9xKZiw/Thri+eGQGgoMfLKgSsNT izgyIwOVNah16RANHWJ55+ExrnbRI6MkHFSHbqgpSia2xgDt6JpUKKQQazgDoUOa pnubWg3jr14fyi53ytQuMh8mgEI8LYeSsktAMxAPJAKSI6303LEOwlgPTWYSfUlv YHDiQq6i9TE+cMI3XCR8djJ3Pv7gHhbPW7z3J2jFIBSgjxmtdCKX2yLPrf10S+/9 ps6+fwe5HmCVbhd09NPE =LFeY -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.