[Freeipa-devel] [PATCH] 788 webui: fix potential XSS vulnerabilities
Tomas Babej
tbabej at redhat.com
Thu Nov 20 14:38:04 UTC 2014
On 11/19/2014 06:51 PM, Petr Vobornik wrote:
> Escape user defined text to prevent XSS attacks. Extra precaution was
> taken to escape also parts which are unlikely to contain user-defined
> text.
>
> https://fedorahosted.org/freeipa/ticket/4742
>
> resolves CVE-2014-7850
>
> f21 blocker candidate, requires priority review.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK, works fine.
Resolves issue described in CVE-2014-7850.
Pushed to:
master: bff97e8b2e8d80e75e989b661e873c8e72cd7429
ipa-4-1: af9fd4dfe2c18e52127480c959c35ad37b566095
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141120/6c00660e/attachment.htm>
More information about the Freeipa-devel
mailing list