Bugzilla – Bug 64304
VUL-0: CVE-2004-1318: "Cross-Site Scripting Vulnerability" in namazu
Last modified: 2021-10-27 08:47:18 UTC
The bug of "Cross-Site Scripting Vulnerability" was found in namazu. The problem was fixed namazu-2.0.14 are released. # 8.1, 8.2, 9.0, 9.1, 9.2 are influenced. Please see this for details. http://www.namazu.org/security.html.en
mike, can you provide updated packages please
I tried creating the package of namazu-2.0.14. (It is at a base about namazu-2.0.12-169 of SUSE 9.1.) The namazu-2.0.14 require 1.2 or more "File::MMagic(perl module)" version. # I used "perl-File-MMagic-1.22-2" of SUSE 9.2. However, this package has not made the check of operation enough. (The following is the difference in SPEC.) ----------------------------------------------- # diff namazu.spec namazu.spec.2012.169 2c2 < # spec file for package namazu (Version 2.0.14) --- > # spec file for package namazu (Version 2.0.12) 16,18d15 < #namzu-2.0.14(required File::MMagic(perl module) version 1.2) < BuildRequires: perl-File-MMagic >= 1.20 < 25,28c22,23 < ##Version: 2.0.12 < ##Release: 169 < Version: 2.0.14 < Release: 0.01 --- > Version: 2.0.12 > Release: 169 31,32c26 < ##Source0: http://www.namazu.org/stable/%{name}-%{version}.tar.bz2 < Source0: http://www.namazu.org/stable/%{name}-%{version}.tar.gz --- > Source0: http://www.namazu.org/stable/%{name}-%{version}.tar.bz2 159c153 < ##%patch0 -p1 -b .linguas --- > %patch0 -p1 -b .linguas 161,162c155,156 < ##%patch2 -p1 -b .config < ##%patch3 -p1 -b .de --- > %patch2 -p1 -b .config > %patch3 -p1 -b .de 248,249d241 < * Thu Dec 16 2004 M. Takeyama(namazu-2.0.14.01) < - update to 2.0.14 -----------------------------------------------
* This comment was added by mail. Packages which update to namazu 2.0.14 for distributions where this is easily possible and namazu packages of older versions with a security patch applied which fixes the cross site scripting vulnerability are here: ftp://SuSE/ftp.suse.com/pub/projects/m17n/8.1/i586/namazu-2.0.10-155.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/8.1/i586/namazu-cgi-2.0.10-155.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/8.1/i586/namazu-devel-2.0.10-155.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/8.1/src/namazu-2.0.10-155.src.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/8.2/i586/namazu-2.0.12-170.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/8.2/i586/namazu-cgi-2.0.12-170.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/8.2/i586/namazu-devel-2.0.12-170.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/8.2/src/namazu-2.0.12-170.src.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.0/i586/namazu-2.0.14-1.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.0/i586/namazu-cgi-2.0.14-1.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.0/i586/namazu-devel-2.0.14-1.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.0/i586/perl-File-MMagic-1.22-2.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.0/src/namazu-2.0.14-1.src.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.0/src/perl-File-MMagic-1.22-2.src.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.0/x86_64/namazu-2.0.14-1.x86_64.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.0/x86_64/namazu-cgi-2.0.14-1.x86_64.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.0/x86_64/namazu-devel-2.0.14-1.x86_64.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.0/x86_64/perl-File-MMagic-1.22-2.x86_64.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.1/i586/namazu-2.0.14-0.1.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.1/i586/namazu-cgi-2.0.14-0.1.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.1/i586/namazu-devel-2.0.14-0.1.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.1/i586/perl-File-MMagic-1.22-1.1.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.1/src/namazu-2.0.14-0.1.src.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.1/src/perl-File-MMagic-1.22-1.1.src.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.1/x86_64/namazu-2.0.14-0.1.x86_64.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.1/x86_64/namazu-cgi-2.0.14-0.1.x86_64.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.1/x86_64/namazu-devel-2.0.14-0.1.x86_64.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.1/x86_64/perl-File-MMagic-1.22-1.1.x86_64.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.2/i586/namazu-2.0.14-0.1.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.2/i586/namazu-cgi-2.0.14-0.1.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.2/i586/namazu-devel-2.0.14-0.1.i586.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.2/src/namazu-2.0.14-0.1.src.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.2/x86_64/namazu-2.0.14-0.1.x86_64.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.2/x86_64/namazu-cgi-2.0.14-0.1.x86_64.rpm ftp://SuSE/ftp.suse.com/pub/projects/m17n/9.2/x86_64/namazu-devel-2.0.14-0.1.x86_64.rpm I'll prepare updates which contain only the security fix and which can be downloaded via YOU tomorrow.
Updated packages with patches submitted for inclusion in the next YOU update for 8.2, 9.0, 9.1, and 9.2. Closing as FIXED.
<!-- SBZ_reopen -->Reopened by meissner@suse.de at Tue Dec 21 16:28:27 2004, took initial reporter takezou040728@yahoo.co.jp to cc
reopemn for tracking
update released.
-> fixed
CAN-2004-1318
CVE-2004-1318: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)