Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 2 Jul 2010 14:53:19 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: moin multiple XSS

----- "Raphael Geissert" <geissert@...ian.org> wrote:

> Hi,
> 
> Multiple XSS vulnerabilities have been reported in moin.
> 
> References:
> http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
> http://bugs.debian.org/584809
> 
> Could a CVE be assigned?
> 
> Note that the original bug report only covered PageEditor.py, while
> upstream fixed multiple others at the same time. Not sure if you want to
> assign two different ids.
> 

I'm going to go with one ID, as they were all fixed at the same time.
CVE-2010-2487

>From what I can tell, the extra fixes are mentioned at the end of the moin
advisory, which is enough for me.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.