|
Message-ID: <Pine.GSO.4.64.1201201117010.12004@faron.mitre.org> Date: Fri, 20 Jan 2012 11:18:37 -0500 (EST) From: "Steven M. Christey" <coley@...-smtp.mitre.org> To: oss-security@...ts.openwall.com cc: Thijs Kinkhorst <thijs@...ian.org> Subject: Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting On Wed, 11 Jan 2012, Kurt Seifried wrote: > On 01/11/2012 03:34 AM, Thijs Kinkhorst wrote: >> Hi, >> >> Can I get a CVE for this? >> >> http://code.google.com/p/simplesamlphp/issues/detail?id=468 >> http://groups.google.com/group/simplesamlphp- >> announce/browse_thread/thread/cb96723ee3c6751e >> >> >> thanks, >> Thijs > Please use CVE-2012-0040 for this issue. There are actually two separate bugs, by two different finders, so we need two CVEs. CVE-2012-0040 - the original no_cookie.php issue reported by timtai1 CVE-2012-0908 - (just assigned by me) - the logout.php issue that the vendor found while researching CVE-2012-0040. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.