FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

devel/ipython -- multiple vulnerabilities

Affected packages
ipython < 3.2.2

Details

VuXML ID: 290351c9-6f5c-11e5-a2a1-002590263bf5
Discovery: 2015-09-01
Entry: 2015-10-10

Matthias Bussonnier reports:

Summary: A local folder name was used in HTML templates without escaping, allowing XSS in said pages by carefully crafting the folder name and the URL to access it.

URI with issues:

Benjamin RK reports:

Vulnerability: A maliciously forged file opened for editing can execute JavaScript, specifically by being redirected to /files/ due to a failure to treat the file as plain text.

URI with issues:

References

CVE Name: CVE-2015-6938
CVE Name: CVE-2015-7337
FreeBSD PR: ports/203668
URL: http://www.openwall.com/lists/oss-security/2015/09/02/3
URL: http://www.openwall.com/lists/oss-security/2015/09/16/3
URL: https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967
URL: https://github.com/ipython/ipython/commit/3ab41641cf6fce3860c73d5cf4645aa12e1e5892