Re: CVE request: lxr

[Dan Rosenberg <dan.j.rosenberg () gmail com>]

Yes, CVE-2010-1738 is a dupe of CVE-2010-1448.

-Dan

On Sat, Jul 31, 2010 at 10:03 AM, Nico Golde <oss-security+ml () ngolde de> wrote:
> Hi,
> * Josh Bressers <bressers () redhat com> [2010-05-14 21:48]:
> > ----- "Dan Rosenberg" <dan.j.rosenberg () gmail com> wrote:
> >
> > > Josh,
> > >
> > > The XSS in the title string was already assigned CVE-2010-1448.  Do
> > > you mean to assign issue #2, the XSS reflected in search results?
> >
> > Sigh, yes.
> >
> > So to sum it up:
> >
> > 1.  XSS in the ident parameter, as described in CVE-2009-4497.
> >
> > 2.  XSS that is reflected via the search results page after issuing
> > This one is now CVE-2010-1625
> >
> > 3. 3.  XSS that is reflected via the <title> tag on the search page, as
> > described in Raphael's original e-mail a few days ago, which Josh assigned
> > CVE-2010-1448
>
> CVE-2010-1738 seems to be a dupe of this?
>
> Cheers
> Nico
> --
> Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
> For security reasons, all text in this mail is double-rot13 encrypted.