Message-ID: <Pine.GSO.4.51.0905211056140.18536@faron.mitre.org>
Date: Thu, 21 May 2009 10:57:30 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: Henri Salo <henri@...v.fi>, coley@...us.mitre.org
Subject: Re: CVE Request for cacti


On Mon, 18 May 2009, Robert Buchholz wrote:

> Do you have any indication this is not covered by CVE-2008-0783?

CVE-2008-0783 as intended by MITRE is only about the specific vectors that
are listed there.  Henri's vector is "new."  I wasn't aware that Cacti
fixed other issues - if so, we should probably assign a new CVE for "all
the other XSS fixed in 0.8.7b" and mention Henri's vector as one of them.

- Steve


>
> Robert
>
> [1]
> http://www.cacti.net/downloads/patches/0.8.7a/multiple_vulnerabilities-0.8.7a.patch
> [2] http://lists.debian.org/debian-security-announce/2008/msg00144.html
>
>
