List:       oss-security
Subject:    Re: [oss-security] CVE request: simpleSAMLphp 1.8.2 cross site scripting
From:       "Steven M. Christey" <coley () rcf-smtp ! mitre ! org>
Date:       2012-01-20 16:18:37
Message-ID: Pine.GSO.4.64.1201201117010.12004 () faron ! mitre ! org

On Wed, 11 Jan 2012, Kurt Seifried wrote:

> On 01/11/2012 03:34 AM, Thijs Kinkhorst wrote:
>> Hi,
>>
>> Can I get a CVE for this?
>>
>> http://code.google.com/p/simplesamlphp/issues/detail?id=468
>> http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e
>>
>>
>> thanks,
>> Thijs
> Please use CVE-2012-0040 for this issue.

There are actually two separate bugs, by two different finders, so we need 
two CVEs.

CVE-2012-0040 - the original no_cookie.php issue reported by timtai1

CVE-2012-0908 - (just assigned by me) - the logout.php issue that the 
vendor found while researching CVE-2012-0040.

- Steve