Date: Wed, 25 Nov 2009 14:35:26 +0100 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: Alex Legler <a3li@...too.org>, oss-security <oss-security@...ts.openwall.com> Subject: CVE Request - Cacti - 0.8.7e Hello vendors, Moritz Naumann reported multiple cross-site scripting flaws in recent version of Cacti. References: ----------- http://www.cacti.net/download_patches.php http://docs.cacti.net/#cross-site_scripting_fixes http://www.securityfocus.com/bid/37109/info http://bugs.gentoo.org/show_bug.cgi?id=294573 Upstream patch: --------------- http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch Looks like this is different issue than CVE-2008-0783, CVE-2008-0785 and CVE-2008-0786 were. Could you allocate a CVE id? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ