Date: Sun, 28 Jun 2015 06:55:07 -0400 (EDT) From: cve-assign@...re.org To: matthew@...thewwilkes.co.uk Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE Request: Django CMS -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > a CSRF issue around publishing of draft changes > > http://www.django-cms.org/en/blog/2015/06/27/311-3014-release/ > https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a Use CVE-2015-5081 for the CSRF issue. The cms.changelist.js and cms.toolbar.js changes include a comment "send post request to prevent xss attacks." The "xss" word choice might be a mistake. We are not currently assigning a CVE ID for a separate XSS issue. > Sylvain Fankhauser of L//P and Matthew Wilkes of The Code Distillery, > who discovered and privately demonstrated to the django CMS core > developers an important CSRF vulnerability and contacted us through > the documented channels. CVE IDs were not assigned on a per-discoverer basis here because there was no available information suggesting that different persons independently discovered different CSRF problems. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVj9ICAAoJEKllVAevmvmsdu4H/1c3jL6XKKu20IXZe50bHo3q LIqJQ5uIfYR3K1ZwO2UIP4GYQHfbnJw7sSMnijAeEqkKXOdZLNwyVXM8od20YR2x axSLTHjl6Wygxn+z+inLf5pRNZiF4q+s4U+h0KXUIbJN6VDtSYkY5f0axh4P29sv JwTmVzL6+WWEiJ24gRY8uB6awhoFCFJ+62BCqNSnBoa81rt6mwMIMO4z4deKJM5Y p8K0jSeYJF8HHuhIGCBFUQ02jC8arlawuwnsyjnjFDOFSbLMrhuwVx7yF5Ut+Z8P nNl38ABeqm03r6dRp1Fu81itEhH3Gw3EGXbDyr8Ivbk2TQ7L4bntdxnAPPOb8TU= =3AtE -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.