Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 5 Dec 2015 22:07:46 +0200
From: Henri Salo <henri@...v.fi>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: Re: CVE request: Redmine: cross-site scripting
 vulnerability fixed in 3.0.0 and 2.6.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Dec 05, 2015 at 09:40:23AM -0500, cve-assign@...re.org wrote:
> Is there any public information that associates 19117 with the
> 
>   "Potential XSS vulnerability when rendering some flash messages" "2.6.2 and 3.0.0"
> 
> line, or are you providing this association based on your own involvement with the
> vulnerability disclosure?

File ./doc/CHANGELOG says:

== 2015-02-19 v2.6.2
* Defect #19117: Potential XSS vulnerability in some flash messages rendering

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJWY0QSAAoJECet96ROqnV0Eu4QAMpX7Xkqs0e5mOltgTuzDs1j
ML7q9L1VVJylflXcuRvAnJEVDS4LVNylBomlCZmZl8nY88vjZnwUXXh8h0ZRakfY
bUQjrmSQVZrecpO/UVuYQLJUeOO7MvTJFFVsCIQKHA8Y6nGsxtixgTNDOnWHrckn
NVqOf8wg29drsqAXTMoQrDofRJ2l9KgAA52gIdqw3aLx7I1PKyxmscWFuReDfdFt
o9YYl6Z4+Vynre4TfFXFS8h+6U/4zOGUoHo+LbLgjhebQwRXG2sXABB9qJ71aH9K
n8xwTWjKV3M3VjY7bf7tv4O+GCxsC1KMylqZtS3quQjSEKsS2fGuj7Nrd/2J+HqC
4d15fAgg0JRVfZcEmsi0WYVNfN25PrQHpPP7Urh3YhuwL3dDQtHTaqv3Jafx49JG
W0ZLtYRGi5d9a1ZHPt4cpnTDl+eSFLX1Jxcm3LEONBeilnXVYyk689U8P0US4dbj
1iqD/UXMoKs3hpEvi+yRdaPy0OB3DQvdc1k0BdAkbaCYpK7SVQpGed991mtc43MK
t5HhZUXBodlIouEeJkdFB/l33SkhkAnoYwFPJXN+hIkxn/H71+q7uZV7O0QxVtWT
AaalcKRd11ch0q9JpSO1Jh/hCvor85Oib6o8a3v7nu6WMCXxqReICl2SFF8QpRA/
2cBSXbWVcCZTg9gTav85
=/k8P
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ