CVE-2017-2661

NameCVE-2017-2661
DescriptionImproper node name field validation when creating clusters leads to XSS
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
Debian Bugs858379

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pcs (PTS)stretch0.9.155+dfsg-2fixed
buster, sid0.9.159-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pcssource(unstable)0.9.155+dfsg-2858379

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=1428948
https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f
http://www.openwall.com/lists/oss-security/2017/03/23/2

Search for package or bug name: Reporting problems