Date: Fri, 6 Jun 2014 23:04:00 -0400 (EDT)
From: cve-assign@...re.org
To: sgallagh@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)

> Djblets json_dumps ... User can change their display name to [an XSS
>                        sequence]
> https://code.google.com/p/reviewboard/issues/detail?id=3406
> (the discoverer name begins with "uchida")

Use CVE-2014-3994.


> Djblets gravatar templates ... User can change their display name to
>                                [an XSS sequence]
> discoverer = Christian Hammond of Bean Bag, Inc. (author of Review Board)

Use CVE-2014-3995.


(There are two CVE IDs because of the two discoverers.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
