Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 25 Nov 2009 12:08:20 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Alex Legler <a3li@...too.org>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request - Cacti - 0.8.7e

As best as I can tell, one ID will suffice.

Please use CVE-2009-4032.

Thanks.

-- 
    JB


----- "Jan Lieskovsky" <jlieskov@...hat.com> wrote:

> Hello vendors,
> 
>    Moritz Naumann reported multiple cross-site scripting flaws in
> recent version of Cacti.
> 
> References:
> -----------
> http://www.cacti.net/download_patches.php
> http://docs.cacti.net/#cross-site_scripting_fixes
> http://www.securityfocus.com/bid/37109/info
> http://bugs.gentoo.org/show_bug.cgi?id=294573
> 
> Upstream patch:
> ---------------
> http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
> 
> Looks like this is different issue than CVE-2008-0783, CVE-2008-0785
> and CVE-2008-0786 were.
> 
> Could you allocate a CVE id?
> 
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ