Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1269948107.10828.75.camel@TS-HQ-4>
Date: Tue, 30 Mar 2010 13:21:47 +0200
From: Secunia Research <vuln@...unia.com>
To: oss-security@...ts.openwall.com
Cc: vuln@...unia.com
Subject: Re: CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via
	user-provided 'search_re' input

Hi,

This vulnerability was discovered by Secunia and we have already
reserved CVE-2010-0132 for it. Please see SA38918 [1] for more
information.

[1] http://secunia.com/advisories/38918/

Thanks and kind regards,

On Mon, 2010-03-29 at 17:52 -0500, Reed Loden wrote:
> Just received an announcement stating ViewVC 1.1.5 and 1.0.11 were
> released today (right on the heels of 1.1.4 and 1.0.10, for which I
> still haven't received a CVE). Looks like they fix an XSS that needs
> a CVE assigned.

-- 
Stefan Cornelius
Security Specialist

Secunia 
Weidekampsgade 14 A
DK-2300 Copenhagen S
Denmark

Phone  +45 7020 5144
Fax    +45 7020 5145

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.