Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 14 May 2010 15:40:10 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: lxr


----- "Dan Rosenberg" <dan.j.rosenberg@...il.com> wrote:

> Josh,
> 
> The XSS in the title string was already assigned CVE-2010-1448.  Do
> you mean to assign issue #2, the XSS reflected in search results?
> 

Sigh, yes.

So to sum it up:

1.  XSS in the ident parameter, as described in CVE-2009-4497.

2.  XSS that is reflected via the search results page after issuing
This one is now CVE-2010-1625

3. 3.  XSS that is reflected via the <title> tag on the search page, as
described in Raphael's original e-mail a few days ago, which Josh assigned
CVE-2010-1448

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ