Date: Sat, 21 Jan 2012 16:52:56 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Jan Lieskovsky <jlieskov@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18 On 01/21/2012 03:44 AM, Jan Lieskovsky wrote: > Hello Kurt, Steve, vendors, > > Multiple XSS flaws were adressed in the v5.0.18 version of Horde IMP > (from ): > > "[mms] SECURITY: Fix XSS vulnerabilities on the compose page (traditional > view), the contacts popup window, and with certain IMAP mailbox names." > > References: >  http://www.horde.org/apps/imp/docs/CHANGES >  http://www.horde.org/apps/imp/docs/RELEASE_NOTES >  http://secunia.com/advisories/47580 >  https://bugs.gentoo.org/show_bug.cgi?id=399563 > > Upstream patches: >  > https://github.com/horde/horde/commit/41136ea893b3d5a84c6228a552f8e211c90f58de > (multiple XSS flaws) > >  > https://github.com/horde/horde/commit/208eae43c95136a67104f760027a8892a22b6e25 > (XSS in email validation) > > Could you allocate CVE ids for these? (two should be enough, one for > the multiple > XSS flaws patch and one for XSS in email validation patch) > > Thank you && Regards, Jan. > -- > Jan iankko Lieskovsky / Red Hat Security Response Team Please use CVE-2012-0791 for this issue. -- -- -- Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ