mhonarc-dev

[bug #32013] CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)

2010-12-30 14:55:21

Update of bug #32013 (project mhonarc):

                  Status:               Confirmed => Ready For Test         

    _______________________________________________________

Follow-up Comment #1:

mhtxthtml.pl filter modified to reject any message with
nested tags.  This is invalid HTML, so any message
that contains it would likely indicate someone trying
to attack an archive web site.

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?32013>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/

---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV

<Prev in Thread] Current Thread [Next in Thread>