[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: lxr
From:       Dan Rosenberg <dan.j.rosenberg () gmail ! com>
Date:       2010-07-31 16:09:35
Message-ID: AANLkTik3gQ0QzGQB27m9YcPAt+1qiz11Bmt-kzLLWnT7 () mail ! gmail ! com
[Download RAW message or body]

Yes, CVE-2010-1738 is a dupe of CVE-2010-1448.

-Dan

On Sat, Jul 31, 2010 at 10:03 AM, Nico Golde <oss-security+ml@ngolde.de> wrote:
> Hi,
> * Josh Bressers <bressers@redhat.com> [2010-05-14 21:48]:
>> ----- "Dan Rosenberg" <dan.j.rosenberg@gmail.com> wrote:
>>
>> > Josh,
>> >
>> > The XSS in the title string was already assigned CVE-2010-1448.  Do
>> > you mean to assign issue #2, the XSS reflected in search results?
>> >
>>
>> Sigh, yes.
>>
>> So to sum it up:
>>
>> 1.  XSS in the ident parameter, as described in CVE-2009-4497.
>>
>> 2.  XSS that is reflected via the search results page after issuing
>> This one is now CVE-2010-1625
>>
>> 3. 3.  XSS that is reflected via the <title> tag on the search page, as
>> described in Raphael's original e-mail a few days ago, which Josh assigned
>> CVE-2010-1448
>
> CVE-2010-1738 seems to be a dupe of this?
>
> Cheers
> Nico
> --
> Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
> For security reasons, all text in this mail is double-rot13 encrypted.
>

[prev in list] [next in list] [prev in thread] [next in thread]