Date: Thu, 21 May 2009 10:57:30 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: Henri Salo <henri@...v.fi>, coley@...us.mitre.org Subject: Re: CVE Request for cacti On Mon, 18 May 2009, Robert Buchholz wrote: > Do you have any indication this is not covered by CVE-2008-0783? CVE-2008-0783 as intended by MITRE is only about the specific vectors that are listed there. Henri's vector is "new." I wasn't aware that Cacti fixed other issues - if so, we should probably assign a new CVE for "all the other XSS fixed in 0.8.7b" and mention Henri's vector as one of them. - Steve > > Robert > >  > http://www.cacti.net/downloads/patches/0.8.7a/multiple_vulnerabilities-0.8.7a.patch >  http://lists.debian.org/debian-security-announce/2008/msg00144.html > >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.