Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 15 Oct 2013 23:52:16 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: cve-assign@...re.org
Subject: Re: CVE request: xss in XHProf

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/13/2013 07:01 PM, Murray McAllister wrote:
> Hello,
> 
> A cross-site scripting flaw was fixed in XHProf:
> 
> https://bugs.gentoo.org/show_bug.cgi?id=487858 
> http://pecl.php.net/package-changelog.php?package=xhprof&release=0.9.4
>
> 
https://bugzilla.redhat.com/show_bug.cgi?id=1018114
> http://pecl.php.net/package/xhprof
> 
> Can a CVE please be assigned if one has not been already?
> 
> Thanks,
> 
> -- Murray McAllister / Red Hat Security Response Team

Please use CVE-2013-4433 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSXimQAAoJEBYNRVNeJnmTJeMQALKLWmKmPt2+JuYzRGMvYjKk
XcN/rHLKa5+YJ+CpxJqQfruTiMVwpRhst1B/MrrDuQG27K2xW71GAYQ25i4mJn5l
tWgBdUeKgLjXmovsLr46A1gPU4iBGkKtyO2laYkS8l1c3U2ibGDr+rbcPFW+MkEG
DXiWnhQUWEJF3lmVUWobdZPk8laXWU/ozhuxBrfysCHIvKgvGyRtdEzIR4hwosyJ
x8leEFHJnghIjU2T08z7K/++pqBx+NvnyfIyZNYDc5r6+4ceCKO2FaAGjYIISt8W
HSZi4brymruGcBVzQaLuQBTDUqjHOxe4hbFJPygTYSFcSJ9B1CbE02YgAn0V2Jbp
I7UwWxWoZx3WZ1+QIfc1enxm2dXNmSzrvS6cfURcSahGZBR997vwIKjHyW2TUiBo
KysM1BkQGmufDHzjxmXa5SAzySp1wRRg90WdjsV9N+D52Y14buGUkPB+jmcs4gYU
YBr8PyEB6IV9P3EIn80i/4VK1+uTC6qzLoSkp2L+dx/8OzVnrlHoP2L300aEWOL1
p5FNlg+MjTUDBs2+c2GN6uU5DFAo4ut9yxteCDQJT2H1R/b4LCcN0we9po8SYEkv
E7VqnIyy+WI9/G3gNeZbjtPAQeUUZo3lsd2yESJW/x0sjj9+OT37VFBq2GlRJkar
y7TtvFVtQ4MmsXeCnS7B
=9Hsb
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ