[Buildbot-devel] Cross-site scripting vulnerability
Steve 'Ashcrow' Milner
smilner at redhat.com
Thu Aug 13 17:28:55 UTC 2009
On 13/08/09 11:37 -0400, Dustin J. Mitchell wrote:
>On Thu, Aug 13, 2009 at 11:18 AM, Steve 'Ashcrow'
>Milner<smilner at redhat.com> wrote:
>> Rebuilt Fedora packages with new release. They are in request for
>> testing.
>
>Thanks! To my shame, overnight, we discovered some more XSSen. Once
>I'm confident we've found all/most of them, I'll release a 0.7.11p3 --
>probably later today. So if you want to hold off pushing 0.7.11p2,
>that would probably be fine.
>
>Dustin
>
>--
>Open Source Storage Engineer
>http://www.zmanda.com
OK. Do we have an official policy for disclosing vulns like this right
now? If not, I can help in that area as well to make future issues
flow smoothly.
--
kthxbye!
Steve 'Ashcrow' Milner
Agent of Infosec
IRC: ashcrow
GnuPG ID: 28DFD4BE
"In the heat of conversation I may have said certain things I believe
to be untrue. The alleged lie that you might have heard me saying
allegedly moments ago ... that's a parasite that lives in my neck."
-- Tad Ghostal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://buildbot.net/pipermail/devel/attachments/20090813/78be25bc/attachment.bin>
More information about the devel
mailing list