oss-sec mailing list archives
Re: Squirrelmail CVE duplicates
From: Moritz Mühlenhoff <jmm () inutil org>
Date: Mon, 25 Jul 2011 13:47:47 +0200
On Mon, Jul 25, 2011 at 01:29:04PM +0200, Jan Lieskovsky wrote:
> Hi Moritz,
>
> thank you for checking this.
>
> On 07/24/2011 06:17 PM, Moritz Muehlenhoff wrote:
> > Hi,
> > there seems to be a duplicate CVE assignment for Squirrelmail?
> >
> > CVE-2010-4555 / CVE-2011-2753
>
> If I got it right, the CVE-2010-4555 ID has been assigned to the XSS flaws:
>
> Multiple cross-site scripting (XSS) flaws were found in the
> SquirrelMail webmail client:
> * XSS flaws in generic options inputs,
> * XSS flaw in the SquirrelSpell plug-in,
> * XSS flaw in the Index Order page.
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=720694#c0
>
> while the CVE-2011-2753 ID has been assigned to the CSRF protection add-ons:
>
> Also protection against Cross-site Request Forgery (CSRF) flaws has
> been added to the empty trash feature and to the Index Order page.
>
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=720694#c0
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=722832#c0

That makes sense, thanks.

Cheers,
Moritz