Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 28 Feb 2012 15:33:00 -0700

On 02/28/2012 09:32 AM, cve-assign () mitre org wrote:
Any javascript code could be executed from Kadu History Window
in following conditions:

CVE-2012-1410 is assigned to this Kadu issue.

We are confused about

https://bugzilla.novell.com/show_bug.cgi?id=749036

This is a bug report about this Kadu vulnerability, but it has a
CVE assignment of CVE-2006-7248 for a vulnerability in the 
SMIME_read_PKCS7 function in OpenSSL 0.9.7i. Our perspective is
that this means CVE-2006-7248 has been assigned to multiple issues
(the Kadu issue and the OpenSSL issue), so we'll now proceed to
REJECT CVE-2006-7248 sometime later today unless there's a
substantial objection.

Please use CVE-2006-7249 for the kadu XSS vulnerability. Sorry about
the mess.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]