Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <50124D84.8080005@redhat.com>
Date: Fri, 27 Jul 2012 02:12:52 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>, sschurtz@...nline.de
Subject: Re: CVE-request: WordPress plugin Count Per Day XSS
 (SSCHADV2012-015)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/24/2012 01:26 AM, Henri Salo wrote:
> Hello,
> 
> Can we assign 2012 CVE-identifier for XSS vulnerability in
> WordPress plugin Count Per Day, thanks.
> 
> Original advisory:
> http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt 
> OSVDB: http://osvdb.org/show/osvdb/83491 Secunia advisory:
> http://secunia.com/advisories/49692/ Vendor page:
> http://www.tomsdimension.de/wp-plugins/count-per-day SCM:
> http://plugins.trac.wordpress.org/changeset/571926/count-per-day#file22
>
>  Fixed in version 3.2 of the plugin, which I manually verified.
> 
> - Henri Salo
> 

Sorry forgot to about this one. Please use CVE-2012-3434 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQEk2EAAoJEBYNRVNeJnmTlyUP/ivkklXhU+nObX/T80m9ujIF
JJcoejmbkl8kVsBhezT0wm8vKKKJpgHAvI/7M/IrEBw2OAXjQETWCkxWqOAGvgyG
zFXsFSFPpVYyOtrfTdF4PIE+6rw54rT/n0FOSwZa3MyrDEFRydzreUzpovDm32b3
xeAuXu0wixgxCr4p6RmuKbeFIoInIJhwBKf2NgcUP1DumjIGru0yryLwg7kI+FaK
wTlgHNEuCiWN5tPvHd5EmVMi9KPTDiRFpaylSUvu28O6aaV4FPtlSd7TVseuyEz2
Fkv0R/kUgimmoBtfN0K79nTgkLTZ79ETGQWC7uwH6lQLCd3wYRbUdn6XvLiE3+r0
euEoeWVitEec0RnZns/xpULuXZvL0tbwBdCyQ1ipbmeY3fVyYrSE84hgb3SOddbi
MEBZODZgsiK5UUL6d3mxRPHYwTHxs6ZJyd1AHbXAZjX0smJ7+t0e/Lfd1JiDZaqP
IzDeRZDSXwjzhBfIEMfzK+fjbCSa5lZA0Ufc7dRzvjzz0uAWobOLWEOexvYpMjZZ
vetfsKz0PDbg/9gajz2SsTMQk47MS3w882igYzkIq/pDgHiJQkKh/Rl/8bglfNpn
HwNnlcl3XYzuGMrHAb2zSKhe11TPprMe+OK0+dNwprZx6lEqnDbLgM+8tHYevThp
Oe9yvBL8mx/xKX3PhTj8
=cUhC
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.