[Fwd: Cross-Site Scripting in Banshee DAAP Extension]

[Anthony <tony () outpost24 com>]

I've notified Redhat and the Novell/SuSE security teams about a
vulnerability in Banshee's DAAP extension. I have requested a CVE name
for this. I will update this list when I have received the actual CVE
name.
> --- Begin Message ---
>
>
> From: Anthony <tony () outpost24 com>
>
> Date: Mon, 30 Mar 2009 11:38:21 +0200
>
> I would like to reserve a CVE name for a cross-site scripting
> vulnerability in the DAAP extension of Banshee. A description of the
> vulnerability can be found in the GNOME bugzilla
> (http://bugzilla.gnome.org/show_bug.cgi?id=577270).
> I have notified the RedHat and SuSE/Novell security teams. I consider
> the bugzilla a notification to the upstream vendor (which also happens
> to be Novell anyway).
> Upstream vendor is aware that I'm requesting this CVE name.
>
> I'm still waiting for RHSA and SUSE-SA numbers. I'll follow up when I
> have them.
>
> Thank you in advance,
> - Tony
>
>
> --- End Message ---