mhonarc-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting

2010-12-30 14:55:42
from [Earl Hood] [Permanent Link] 

Update of bug #32014 (project mhonarc):

                  Status:             In Progress => Ready For Test         

    _______________________________________________________

Follow-up Comment #1:

mhtxthtml.pl filter modified to reject any message with
nested tags.  This is invalid HTML, so any message
that contains it would likely indicate someone trying
to attack an archive web site.

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?32014>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/

---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [bug #32013] CVE-2010-4524: Improper escaping of certain HTML sequences (XSS), Earl Hood
Next by Date:  Fix for CVE-2010-4524 and CVE-2010-1677 ready for verfication, Earl Hood
Previous by Thread:  [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting, Earl Hood
Next by Thread:  Fix for CVE-2010-4524 and CVE-2010-1677 ready for verfication, Earl Hood
Indexes:  [Date] [Thread] [Top] [All Lists]