oss-sec mailing list archives
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history
From: cve-assign () mitre org
Date: Tue, 28 Feb 2012 11:32:41 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Any javascript code could be executed from Kadu History Window in following conditions:
CVE-2012-1410 is assigned to this Kadu issue. We are confused about https://bugzilla.novell.com/show_bug.cgi?id=749036 This is a bug report about this Kadu vulnerability, but it has a CVE assignment of CVE-2006-7248 for a vulnerability in the SMIME_read_PKCS7 function in OpenSSL 0.9.7i. Our perspective is that this means CVE-2006-7248 has been assigned to multiple issues (the Kadu issue and the OpenSSL issue), so we'll now proceed to REJECT CVE-2006-7248 sometime later today unless there's a substantial objection. - -- CVE assignment team, MITRE CVE Numbering Authority M/S S145 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/obtain_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iQEcBAEBAgAGBQJPTQBKAAoJEGvefgSNfHMdhXYH/0B7xfkZkD7025beh/Digvpd 48hm8IRtRSbv8UVqsfq+jVjMUlD0blXjhKbli9OBl0xFcMGjZjxnC/3Rt4RZDib4 AAUs9nEp1zB7dvjmsItkOCJk7Cn9CFVk4qCjSSEaz0tjrUXasf6nNsePwDht9zw6 DM8ECv95CHiZ6V7+ZKAfwMRrMpYNxl3WtPGTVxUr9jfhiVvM8qgUvBlhJci4RJs3 XgXxOTynLlMGYZTzY6zX5TJzOxnuojnmsAedwtYJpRMSBmX9TY/Dx356xjoehQUk Swg1IMVM+OcogYRBF5tS6QxrfefM1RDd4YgM0j+dcFA/5xjFLCs1yRY+6Ne0uo8= =lXSm -----END PGP SIGNATURE-----
Current thread:
- CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Jan Lieskovsky (Feb 27)
- Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 27)
- Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 28)
- Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 28)
- Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
- Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 28)
- Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
- Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Marcus Meissner (Feb 29)
- Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 29)
- Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 28)
- Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 27)
- Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
- Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)