oss-sec mailing list archives
CVE request for planet
From: Vincent Danen <vdanen () redhat com>
Date: Thu, 8 Oct 2009 11:13:22 -0600
A second vulnerability was found by Secunia in planet, that differs from CVE-2009-2937. Details are available here:

https://bugzilla.redhat.com/show_bug.cgi?id=525772
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546178#30

There is a bit of confusion surrounding the two issues, but it seems as though they are, in fact, two separate issues. The first (CVE-2009-2937) deals with insufficient escaping of input feeds, while the second deals with some CDATA filtering problems as well.

Steve, does this warrant a second CVE or should the CDATA filtering fall under CVE-2009-2937 as well?

Thanks.

--
Vincent Danen / Red Hat Security Response Team