Openwall GNU/*/Linux 3.0 - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 13 Jun 2011 14:56:03 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: webadmin-devel@...ts.sourceforge.net, javierbassi@...il.com,
        Henri Salo <henri@...v.fi>
Subject: Re: Re: CVE-request: XSS in Webmin 1.540

----- Original Message -----
> On 13/Jun/2011 06:40 Henri Salo <henri@...v.fi> wrote ..
> > Hi,
> >
> > I would like to receive CVE-identifier for this issue in Webmin.
> > References:
> >
> > http://seclists.org/fulldisclosure/2011/Apr/393
> >
> > Javier Bassi told me that the Bugtraq ID is 47558. Couldn't find this
> > from OSVDB.
> > Fixed in commit:
> > https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881
> > which is included to Webmin 1.550 release.
> >
> > Should be 2011 identifier.
> 
> There is no CVE for this - the original submitter Javier had trouble
> obtaining one.
> 
> Actually, I have no idea where CVEs come from either!
> 

A CVE id was assigned here:
http://seclists.org/oss-sec/2011/q2/478

As for getting an ID in the future, your best bet is to mail me directly
with your request. MITRE is generally swamped with requests, where I don't
service near the volume they do.

If you have any questions, I'd be happy to answer them.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ