Date: Wed, 24 Apr 2013 10:04:35 +1200
From: Robbie Mackay <robbie@...ahidi.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request for XSS vulnerability in Ushahidi Web

Hi,

Robb Driscoll (ohrodr) has reported an exploitable XSS bug with report descriptions in Ushahidi_Web (https://github.com/ushahidi/Ushahidi_Web).

Original bug report https://github.com/ushahidi/Ushahidi_Web/issues/1009

This will be fixed in the next release Ushahidi 2.7, along with other general XSS issues. We've done a general overhaul of our XSS protection and https://github.com/ushahidi/Ushahidi_Web/pull/1056

Would a CVE normally be assigned just for the specific issue? or for the general fixes to XSS protection as well?

Regards,

Robbie Mackay
Software Developer, External Projects
Ushahidi Inc
e: robbie@...ahidi.com
skype: robbie.mackay