Date: Fri, 20 Jan 2012 11:18:37 -0500 (EST)
From: "Steven M. Christey" <coley@...-smtp.mitre.org>
To: oss-security@...ts.openwall.com
cc: Thijs Kinkhorst <thijs@...ian.org>
Subject: Re: CVE request: simpleSAMLphp 1.8.2 cross site
 scripting


On Wed, 11 Jan 2012, Kurt Seifried wrote:

> On 01/11/2012 03:34 AM, Thijs Kinkhorst wrote:
>> Hi,
>>
>> Can I get a CVE for this?
>>
>> http://code.google.com/p/simplesamlphp/issues/detail?id=468
>> http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e
>>
>>
>> thanks,
>> Thijs
> Please use CVE-2012-0040 for this issue.

There are actually two separate bugs, by two different finders, so we need 
two CVEs.

CVE-2012-0040 - the original no_cookie.php issue reported by timtai1

CVE-2012-0908 - (just assigned by me) - the logout.php issue that the 
vendor found while researching CVE-2012-0040.

- Steve
