Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Squirrelmail CVE duplicates
From: Moritz Mühlenhoff <jmm () inutil org>
Date: Mon, 25 Jul 2011 13:47:47 +0200


On Mon, Jul 25, 2011 at 01:29:04PM +0200, Jan Lieskovsky wrote:
Hi Moritz,

  thank you for checking this.

On 07/24/2011 06:17 PM, Moritz Muehlenhoff wrote:
Hi,
there seems to be a duplicate CVE assignment for Squirrelmail?

CVE-2010-4555 / CVE-2011-2753

If I got it right, the CVE-2010-4555 ID has been assigned to the XSS
flaws:

Multiple cross-site scripting (XSS) flaws were found in the SquirrelMail
webmail client:
* XSS flaws in generic options inputs,
* XSS flaw in the SquirrelSpell plug-in,
* XSS flaw in the Index Order page.

[1]
https://bugzilla.redhat.com/show_bug.cgi?id=720694#c0

while the CVE-2011-2753 ID has been assigned to the CSRF protection add-ons:

Also protection against Cross-site Request Forgery (CSRF) flaws has
been added to the empty trash feature and to the Index Order page.
[2] https://bugzilla.redhat.com/show_bug.cgi?id=720694#c0
[3] https://bugzilla.redhat.com/show_bug.cgi?id=722832#c0

That makes sense, thanks.

Cheers,
        Moritz


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault