Date: Fri, 5 Dec 2014 22:35:15 -0000
From: "P Richards" <paul@...tisforge.org>
To: <oss-security@...ts.openwall.com>,
	"'Damien Regad'" <dregad@...tisbt.org>,
	<cve-assign@...re.org>
Subject: RE: CVE-2014-6316: URL redirection issue in MantisBT

"Paul Richards also found another redirection issue in permalink_page.php, which turned out to have the same root cause."

And nit-picking here, but the issue that I identified in permalink_page.php I believe was a cross-site scripting issue and not a URL redirection vulnerability, so should probably be allocated a separate CVE identifier?

The HTTP request headers of the permalink_page.php issue that I recall are at http://tinypic.com/r/2dh8y1f/8 and relate to an XSS vulnerability and not a URL redirection, as shown in the image linked.


