Date: Fri, 20 Jan 2012 11:18:37 -0500 (EST) From: "Steven M. Christey" <coley@...-smtp.mitre.org> To: oss-security@...ts.openwall.com cc: Thijs Kinkhorst <thijs@...ian.org> Subject: Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting On Wed, 11 Jan 2012, Kurt Seifried wrote: > On 01/11/2012 03:34 AM, Thijs Kinkhorst wrote: >> Hi, >> >> Can I get a CVE for this? >> >> http://code.google.com/p/simplesamlphp/issues/detail?id=468 >> http://groups.google.com/group/simplesamlphp- >> announce/browse_thread/thread/cb96723ee3c6751e >> >> >> thanks, >> Thijs > Please use CVE-2012-0040 for this issue. There are actually two separate bugs, by two different finders, so we need two CVEs. CVE-2012-0040 - the original no_cookie.php issue reported by timtai1 CVE-2012-0908 - (just assigned by me) - the logout.php issue that the vendor found while researching CVE-2012-0040. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ