Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 6 Dec 2010 15:08:56 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: Can I request a cve for pfsense regarding -->
 "pfSense "graph.php" Cross-Site Scripting Vulnerabilities"


The original Full-Disclosure post also mentions a number of issues 
that only affect pfsense 2 beta 4.

So, I've assigned CVE-2010-4412 for these other issues.

To review:

CVE-2010-4246 - graph.php (pfsense stable and 2 beta 4)

CVE-2010-4412 - pkg_edit.php, pkg.php, status_graph.php, interfaces.php
                 (only 2 beta 4)


- Steve

On Wed, 24 Nov 2010, Josh Bressers wrote:

> ----- "dave b" <db.pub.mail@...il.com> wrote:
>
>> Can I request a cve for pfsense regarding --> "pfSense "graph.php"
>> Cross-Site Scripting Vulnerabilities"
>>
>> http://secunia.com/advisories/42138
>> (the original email can be found at
>> http://seclists.org/fulldisclosure/2010/Nov/43 ).
>
> Please use CVE-2010-4246 for this.
>
> Thanks.
>
> --
>    JB
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ