Date: Tue, 30 Mar 2010 13:21:47 +0200 From: Secunia Research <vuln@...unia.com> To: oss-security@...ts.openwall.com Cc: vuln@...unia.com Subject: Re: CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via user-provided 'search_re' input Hi, This vulnerability was discovered by Secunia and we have already reserved CVE-2010-0132 for it. Please see SA38918  for more information.  http://secunia.com/advisories/38918/ Thanks and kind regards, On Mon, 2010-03-29 at 17:52 -0500, Reed Loden wrote: > Just received an announcement stating ViewVC 1.1.5 and 1.0.11 were > released today (right on the heels of 1.1.4 and 1.0.10, for which I > still haven't received a CVE). Looks like they fix an XSS that needs > a CVE assigned. -- Stefan Cornelius Security Specialist Secunia Weidekampsgade 14 A DK-2300 Copenhagen S Denmark Phone +45 7020 5144 Fax +45 7020 5145
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.