Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 14 Mar 2015 11:22:04 +0100
From: Damien Regad <dregad@...tisbt.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2014-6316: URL redirection issue in MantisBT

On 2014-12-05 23:35, P Richards wrote:
> "Paul Richards also found another redirection issue in permalink_page.php,
 > which turned out to have the same root cause."
>
> And nik-picking here, but the issue that I identified in permalink_page.php
 > I believe was a cross site scripting issue and not a URL redirection
 > vulnerability so should probably be allocated a separate CVE
 > identifier?

For the record, you reported it to me as a redirection, in the PDF 
document you sent by e-mail.

Anyway, since I came upon this following up on another user's report for 
the same issue, I'm setting things straight now with a CVE request for 
the XSS:

http://thread.gmane.org/gmane.comp.security.oss.general/16119

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ