Date: Sun, 28 Jun 2015 12:20:52 +0100 From: Matthew Wilkes <matt@...thewwilkes.name> To: cve-assign@...re.org, matthew@...thewwilkes.co.uk Cc: oss-security@...ts.openwall.com Subject: Re: CVE Request: Django CMS > Use CVE-2015-5081 for the CSRF issue. Thank you! > The cms.changelist.js and cms.toolbar.js changes include a comment > "send post request to prevent xss attacks." The "xss" word choice > might be a mistake. We are not currently assigning a CVE ID for a > separate XSS issue. I believe you are correct. > CVE IDs were not assigned on a per-discoverer basis here because there > was no available information suggesting that different persons > independently discovered different CSRF problems. I don't believe that they were different, having read the public information. I've asked for clarification from the vendor, though. If anything, my logic for including the information about credit was to emphasise that it was one issue reported by two people and make us both searchable, in case there is confusion if one or both of us write up the issue in future. Thanks, Matt
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ