[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2010-03-30 17:49:08
Message-ID: Pine.GSO.4.64.1003301346480.4709 () faron ! mitre ! org
[Download RAW message or body]


On Tue, 30 Mar 2010, Reed Loden wrote:

> Apparently, Secunia has already assigned this CVE-2010-0132, as per
> their advisory that just came out...
>
> http://secunia.com/secunia_research/2010-26/
>
> Again, still need a CVE for the XSS fix in ViewVC 1.1.4 and 1.1.10,
> however.


Here's what I have:

   CVE-2010-0736 - XSS in view_queryform (lib/viewvc.py) in 1.1.x before
   1.1.4, and 1.0 before 1.0.10.  (Note that Vincent Danen assigned a CVE
   last week at http://www.openwall.com/lists/oss-security/2010/03/16/14)

   CVE-2010-0132 - Secunia-assigned; for "regular expression search" before
   1.0.11 / 1.1.5


- Steve
[prev in list] [next in list] [prev in thread] [next in thread]