Message-ID: <4E2D5380.6020907@redhat.com>
Date: Mon, 25 Jul 2011 13:29:04 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: Moritz Muehlenhoff <jmm@...ian.org>, "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security@...ts.openwall.com
Subject: Re: Squirrelmail CVE duplicates

Hi Moritz,

thank you for checking this.

On 07/24/2011 06:17 PM, Moritz Muehlenhoff wrote:
> Hi,
> there seems to be a duplicate CVE assignment for Squirrelmail?
>
> CVE-2010-4555 / CVE-2011-2753

If I got it right, the CVE-2010-4555 ID has been assigned to the
XSS flaws:

  Multiple cross-site scripting (XSS) flaws were found in the
  SquirrelMail webmail client:
  * XSS flaws in generic options inputs,
  * XSS flaw in the SquirrelSpell plug-in,
  * XSS flaw in the Index Order page.

  [1] https://bugzilla.redhat.com/show_bug.cgi?id=720694#c0

while the CVE-2011-2753 ID has been assigned to the CSRF protection
add-ons:

  Also protection against Cross-site Request Forgery (CSRF) flaws
  has been added to the empty trash feature and to the Index Order
  page.

  [2] https://bugzilla.redhat.com/show_bug.cgi?id=720694#c0
  [3] https://bugzilla.redhat.com/show_bug.cgi?id=722832#c0

Hope this helps && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

>
> Cheers,
> Moritz
>