Candidate: CVE-2014-3207
PublicDate: 2014-05-08 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3207
 https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
 https://bugzilla.mozilla.org/show_bug.cgi?id=952077
Description:
 Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver
 before 1.1.5 allows remote attackers to inject arbitrary web script or HTML
 via the PATH_INFO to pks/lookup/undefined1.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746626
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_sks:
 upstream: https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724/raw/
upstream_sks: released (1.1.5)
lucid_sks: ignored (reached end-of-life)
precise_sks: ignored (reached end-of-life)
precise/esm_sks: DNE (precise was needed)
quantal_sks: ignored (reached end-of-life)
saucy_sks: ignored (reached end-of-life)
trusty_sks: ignored (reached end-of-life)
trusty/esm_sks: DNE (trusty was needs-triage)
utopic_sks: not-affected (1.1.5-1ubuntu1)
vivid_sks: not-affected (1.1.5-1ubuntu1)
vivid/stable-phone-overlay_sks: DNE
vivid/ubuntu-core_sks: DNE
wily_sks: not-affected (1.1.5-1ubuntu1)
xenial_sks: not-affected (1.1.5-1ubuntu1)
yakkety_sks: not-affected (1.1.5-1ubuntu1)
zesty_sks: not-affected (1.1.5-1ubuntu1)
artful_sks: not-affected (1.1.5-1ubuntu1)
bionic_sks: not-affected (1.1.5-1ubuntu1)
cosmic_sks: not-affected (1.1.5-1ubuntu1)
disco_sks: not-affected (1.1.5-1ubuntu1)
devel_sks: not-affected (1.1.5-1ubuntu1)