Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Nov 2009 14:35:26 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: Alex Legler <a3li@...too.org>,
        oss-security <oss-security@...ts.openwall.com>
Subject: CVE Request - Cacti - 0.8.7e

Hello vendors,

   Moritz Naumann reported multiple cross-site scripting flaws in
recent version of Cacti.

References:
-----------
http://www.cacti.net/download_patches.php
http://docs.cacti.net/#cross-site_scripting_fixes
http://www.securityfocus.com/bid/37109/info
http://bugs.gentoo.org/show_bug.cgi?id=294573

Upstream patch:
---------------
http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch

Looks like this is different issue than CVE-2008-0783, CVE-2008-0785
and CVE-2008-0786 were.

Could you allocate a CVE id?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ