Bug 27738 - tt-rss new security issue CVE-2020-25789
Summary: tt-rss new security issue CVE-2020-25789
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Olivier Blin
QA Contact: Sec team
URL: https://repology.org/project/tt-rss/c...
Whiteboard: MGA7TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-04 13:27 CET by Zombie Ryushu
Modified: 2020-12-28 22:59 CET (History)
3 users

See Also:
Source RPM: tt-rss-1.12-9.mga8.src.rpm
CVE: CVE-2020-25789
Status comment: include/functions.php needs to not serve SVG images


Description Zombie Ryushu 2020-12-04 13:27:43 CET
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
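The status comment's mitigation ("do not serve SVG from the cache") illustrated as an added example; this is not tt-rss code nor the upstream patch, and all function names and sample blobs are constructed. A cache endpoint serves raster images inline by magic bytes, never serves SVG inline (a browser executes scripts inside an SVG document), and a separate check flags active SVG content so it can be logged:

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Magic bytes of raster formats that are safe to serve inline (no script context).
RASTER_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}

def is_svg(data: bytes) -> bool:
    """True if the blob parses as XML whose root element is <svg>."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return False
    return root.tag in (f"{{{SVG_NS}}}svg", "svg")

def svg_has_active_content(data: bytes) -> bool:
    """Flag <script> elements, on* event handlers and javascript: links in an SVG.
    Used for logging only; the policy below refuses inline SVG regardless."""
    for el in ET.fromstring(data).iter():
        if el.tag.rsplit("}", 1)[-1].lower() == "script":
            return True
        for attr, value in el.attrib.items():
            name = attr.rsplit("}", 1)[-1].lower()  # strip xlink: namespace
            if name.startswith("on") or re.match(r"\s*javascript:", value, re.I):
                return True
    return False

def cache_response_policy(data: bytes) -> dict:
    """Decide the Content-Type / Content-Disposition for a cached blob (hypothetical)."""
    for magic, mime in RASTER_MAGIC.items():
        if data.startswith(magic):
            return {"content_type": mime, "disposition": "inline", "reason": "raster"}
    if is_svg(data):
        reason = "svg-active" if svg_has_active_content(data) else "svg"
    else:
        reason = "unknown"
    # Anything not a known raster is forced to download with a non-browser type.
    return {"content_type": "application/octet-stream",
            "disposition": "attachment", "nosniff": True, "reason": reason}

# Constructed samples (not from the page).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SVG_PLAIN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SAMPLE_SVG_SCRIPT = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* untrusted */</script></svg>'
SAMPLE_SVG_HANDLER = b'<svg xmlns="http://www.w3.org/2000/svg" onload="x()"/>'
```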
Zombie Ryushu 2020-12-04 13:27:56 CET

CVE: (none) => CVE-2020-25789

David Walser 2020-12-04 13:38:14 CET

Summary: Security vulnerabilities for tt-rss CVE-2020-25789 => tt-rss new security issue CVE-2020-25789
Source RPM: tt-rss-1.12-8.mga7.src => tt-rss-1.12-9.mga8.src.rpm
Whiteboard: (none) => MGA7TOO
Version: 7 => Cauldron

Comment 2 Aurelien Oudelet 2020-12-07 10:37:09 CET
Hi, thanks for reporting this.
I added the committers in CC.

(Please set the status to 'assigned' if you are working on it)

Assignee: bugsquad => mageia
CC: (none) => jani.valimaa, thierry.vignaud

Comment 3 David Walser 2020-12-27 21:50:44 CET
The code that was patched upstream is very different from the code we have. We may not be affected.
David Walser 2020-12-27 22:34:59 CET

Status comment: (none) => include/functions.php needs to not serve SVG images

Comment 4 Nicolas Lécureuil 2020-12-28 22:59:12 CET
Except if someone shows us we are affected, I looked and it seems we are not (99% sure :-)).

Resolution: (none) => INVALID
Status: NEW => RESOLVED
CC: (none) => mageia
