Univention Bugzilla – Full Text Bug Listing

| Summary: | UMC doesn't escape HTML from dpkg | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Daniel Tröder <troeder> |
| Component: | UMC (Generic) | Assignee: | Florian Best <best> |
| Status: | CLOSED FIXED | QA Contact: | Dirk Wiesenthal <wiesenthal> |
| Severity: | normal | | |
| Priority: | P5 | CC: | best, damrose, gohmann, klaeser, troeder, walkenhorst |
| Version: | UCS 4.2 | Flags: | best: Patch_Available+ |
| Target Milestone: | UCS 4.2-0-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=43755 | | |
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | Security |
| Max CVSS v3 score: | | | |
| Bug Depends on: | 44489 | | |
| Bug Blocks: | | | |
| Attachments: | patch | | |

Description
Daniel Tröder
2017-04-28 09:30:48 CEST
Created attachment 8872
patch

This has already been improved in UCS 4.2 but I made the escaping much more explicit and moved it into the ProgressBar widget of univention-web itself.

univention-appcenter (6.0.7-14):
r79639 | Bug #44498: escape HTML in progressbar messages

univention-web (1.0.42-17):
r79640 | Bug #44498: escape HTML in progressbar messages

univention-appcenter.yaml:
r79641 | YAML Bug #44498

univention-web.yaml:
r79641 | YAML Bug #44498

OK, works.

Mismatching binary package version: 1.0.42-15A~4.2.0.201705231328 != univention-web-js 1.0.42-17A~4.2.0.201705241252 from univention-web 1.0.42-17A~4.2.0.201705241252
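
The report describes moving HTML escaping into the widget that renders progress messages, so callers passing package-manager output no longer have to remember it. The following JavaScript is an added illustration of that pattern, not code from univention-web or the attached patch; the class, its method names and the sample lines are hypothetical and constructed for the example.

```javascript
// Added illustration; not univention-web code. All names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Stand-in for a progress bar widget that builds its markup as an HTML string.
class ProgressBarModel {
  constructor() { this.html = ''; }

  // Before: the widget trusts every caller to have escaped `message`.
  setInfoUnescaped(component, message, percent) {
    this.html = this._template(component, message, percent);
  }

  // After: escaping happens at the sink, so every caller is covered.
  setInfo(component, message, percent) {
    this.html = this._template(escapeHtml(component), escapeHtml(message), percent);
  }

  _template(component, message, percent) {
    // Clamp the percentage so only a number ever reaches the attribute.
    const pct = Math.max(0, Math.min(100, Number(percent) || 0));
    return `<div class="progress"><span class="component">${component}</span>` +
           `<span class="message">${message}</span>` +
           `<progress value="${pct}" max="100"></progress></div>`;
  }
}

// Constructed sample lines in the style of package-manager output.
const SAMPLE_LINES = [
  'Preparing to replace example-pkg <none> (using .../example-pkg_1.0_all.deb) ...',
  'Setting up example-pkg (1.0) <script>alert(1)</script> ...',
];

// Render every sample line through the chosen method and collect the markup.
function renderAll(method) {
  const bar = new ProgressBarModel();
  return SAMPLE_LINES.map((line) => {
    bar[method]('example-pkg', line, 40);
    return bar.html;
  });
}
```

With the unescaped method, the `<none>` token in the first line is parsed as an unknown tag and vanishes from the display, and the markup in the second line becomes part of the page; with escaping at the sink both are shown as literal text.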