Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120229102951.GA18647@suse.de>
Date: Wed, 29 Feb 2012 11:29:51 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org, mateusz.goik@...antsoft.pl
Subject: Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history

On Tue, Feb 28, 2012 at 10:23:07AM -0700, Kurt Seifried wrote:
> On 02/28/2012 09:32 AM, cve-assign@...re.org wrote:
> >> Any javascript code could be executed from Kadu History Window
> >> in following conditions:
> > 
> > CVE-2012-1410 is assigned to this Kadu issue.
> > 
> > We are confused about
> > 
> > https://bugzilla.novell.com/show_bug.cgi?id=749036
> > 
> > This is a bug report about this Kadu vulnerability, but it has a
> > CVE assignment of CVE-2006-7248 for a vulnerability in the 
> > SMIME_read_PKCS7 function in OpenSSL 0.9.7i. Our perspective is
> > that this means CVE-2006-7248 has been assigned to multiple issues
> > (the Kadu issue and the OpenSSL issue), so we'll now proceed to
> > REJECT CVE-2006-7248 sometime later today unless there's a
> > substantial objection.
> 
> Argh sorry cut and paste the wrong CVE # into novell's bugzilla. Can
> we just remove it from there please?

I made the specific comment private.

So is this kadu issue now CVE-2012-1410 or CVE-2012-1092?

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.