Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 14 Mar 2015 11:22:04 +0100
From: Damien Regad <dregad@...tisbt.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2014-6316: URL redirection issue in MantisBT

On 2014-12-05 23:35, P Richards wrote:
> "Paul Richards also found another redirection issue in permalink_page.php,
 > which turned out to have the same root cause."
>
> And nik-picking here, but the issue that I identified in permalink_page.php
 > I believe was a cross site scripting issue and not a URL redirection
 > vulnerability so should probably be allocated a separate CVE
 > identifier?

For the record, you reported it to me as a redirection, in the PDF 
document you sent by e-mail.

Anyway, since I came upon this following up on another user's report for 
the same issue, I'm setting things straight now with a CVE request for 
the XSS:

http://thread.gmane.org/gmane.comp.security.oss.general/16119

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ