Date: Tue, 30 Mar 2010 13:21:47 +0200 From: Secunia Research <vuln@...unia.com> To: oss-security@...ts.openwall.com Cc: vuln@...unia.com Subject: Re: CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via user-provided 'search_re' input Hi, This vulnerability was discovered by Secunia and we have already reserved CVE-2010-0132 for it. Please see SA38918  for more information.  http://secunia.com/advisories/38918/ Thanks and kind regards, On Mon, 2010-03-29 at 17:52 -0500, Reed Loden wrote: > Just received an announcement stating ViewVC 1.1.5 and 1.0.11 were > released today (right on the heels of 1.1.4 and 1.0.10, for which I > still haven't received a CVE). Looks like they fix an XSS that needs > a CVE assigned. -- Stefan Cornelius Security Specialist Secunia Weidekampsgade 14 A DK-2300 Copenhagen S Denmark Phone +45 7020 5144 Fax +45 7020 5145
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.