Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <me124c$4ga$1@ger.gmane.org>
Date: Sat, 14 Mar 2015 11:22:04 +0100
From: Damien Regad <dregad@...tisbt.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2014-6316: URL redirection issue in MantisBT

On 2014-12-05 23:35, P Richards wrote:
> "Paul Richards also found another redirection issue in permalink_page.php,
 > which turned out to have the same root cause."
>
> And nik-picking here, but the issue that I identified in permalink_page.php
 > I believe was a cross site scripting issue and not a URL redirection
 > vulnerability so should probably be allocated a separate CVE
 > identifier?

For the record, you reported it to me as a redirection, in the PDF 
document you sent by e-mail.

Anyway, since I came upon this following up on another user's report for 
the same issue, I'm setting things straight now with a CVE request for 
the XSS:

http://thread.gmane.org/gmane.comp.security.oss.general/16119

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.