Date: Tue, 28 Feb 2012 15:33:00 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: cve-assign@...re.org, mateusz.goik@...antsoft.pl
Subject: Re: Re: CVE Status Clarification / Request -- kadu:
 Stored XSS by parsing contact's status and sms messages in history

On 02/28/2012 09:32 AM, cve-assign@...re.org wrote:
>> Any javascript code could be executed from Kadu History Window
>> in following conditions:
> 
> CVE-2012-1410 is assigned to this Kadu issue.
> 
> We are confused about
> 
> https://bugzilla.novell.com/show_bug.cgi?id=749036
> 
> This is a bug report about this Kadu vulnerability, but it has a
> CVE assignment of CVE-2006-7248 for a vulnerability in the 
> SMIME_read_PKCS7 function in OpenSSL 0.9.7i. Our perspective is
> that this means CVE-2006-7248 has been assigned to multiple issues
> (the Kadu issue and the OpenSSL issue), so we'll now proceed to
> REJECT CVE-2006-7248 sometime later today unless there's a
> substantial objection.

Please use CVE-2006-7249 for the kadu XSS vulnerability. Sorry about
the mess.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
