Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 20 Jan 2012 11:18:37 -0500 (EST)
From: "Steven M. Christey" <>
cc: Thijs Kinkhorst <>
Subject: Re: CVE request: simpleSAMLphp 1.8.2 cross site

On Wed, 11 Jan 2012, Kurt Seifried wrote:

> On 01/11/2012 03:34 AM, Thijs Kinkhorst wrote:
>> Hi,
>> Can I get a CVE for this?
>> announce/browse_thread/thread/cb96723ee3c6751e
>> thanks,
>> Thijs
> Please use CVE-2012-0040 for this issue.

There are actually two separate bugs, by two different finders, so we need 
two CVEs.

CVE-2012-0040 - the original no_cookie.php issue reported by timtai1

CVE-2012-0908 - (just assigned by me) - the logout.php issue that the 
vendor found while researching CVE-2012-0040.

- Steve

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ