reopen 335997
found 335997 0.9.7-2
thanks

Hello Pierre,

Sorry, didn't have time to get back to this earlier. I've verified that unstable is indeed completely fixed for CVE-2005-3334 (which contains some typos in the names of the affected variables).

> Though, please note that this XSS vulnerability IS really minor: it
> has to be created from a user that stole a PHPSESSID from you, and made a
> treacherous search, and forced the user to use 'last search result'
> *BEFORE* you do a new search yourself, which is *REALLY* unlikely. That
> is not doable for anonymous users.

I don't subscribe to this assessment. This is a classic XSS, which can be exploited as any other: trick the user into going to a specially crafted URL and you can access his password cookie through JavaScript. You don't need to steal anything or bring the system into a specific state.

> I'll try to have a minimalist patch ASAP, but the stable version is not
> really based on the same code (I mean the version in unstable is quite
> bigger) and I'm not sure a patch is that simple to transpose (you must
> have seen that my patch was quite brutal: I escaped any POST-ed or
> GET-ed variable, which is most of the time OK, but which is not really
> nice nor "the right way", since it results in some entities showing up
> in mails).

At least I can confirm that the stable version is still vulnerable to this attack; it's easily reproducible. If you want I can look into providing a patch or updated package. In any case, the bug should not yet be closed.

bye,
Thijs