oss-sec mailing list archives

Typo in description of CVE-2011-2708 and CVE-2011-4331? [was: Re: [oss-security] Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue]


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 23 Nov 2011 12:45:08 +0100

Hello Steve,

  thank you for the clarification on this.

But according to the latest CVE-2011-2708 and CVE-2011-4331 description assignment, there seems to be a typo (rounded / cycled definition of both):

======================================================
Name: CVE-2011-2708
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2708
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20110711
Category:

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2708. Reason:
This candidate is a duplicate of CVE-2011-2708. Notes: All CVE users
should reference CVE-2011-2708 instead of this candidate. All
references and descriptions in this candidate have been removed to
prevent accidental usage.

This one should mention 'CVE-2011-2710' in the body (based on the
reply below).

======================================================
Name: CVE-2011-4331
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4331
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20111104
Category:

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4331. Reason:
This candidate is a duplicate of CVE-2011-4331. Notes: All CVE users
should reference CVE-2011-4331 instead of this candidate. All
references and descriptions in this candidate have been removed to
prevent accidental usage.

This one should use "CVE-2011-4110" in the body, based on:
http://seclists.org/oss-sec/2011/q4/378

Could you correct these two? (Not a big deal, I just wanted to
point this out so that those two are described correctly, even though
they are duplicates.)

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

On 11/23/2011 04:30 AM, Steven M. Christey wrote:

Let's keep CVE-2011-2710 and we will reject CVE-2011-2708. Henri, I'm
sorry about the lack of response :-(

- Steve


On Mon, 21 Nov 2011, Kurt Seifried wrote:


CVE-2011-2708 and CVE-2011-2710 are both about 20110701 XSS
vulnerability:
http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html
and I have already contacted MITRE twice to get another one marked as
obsolete.


Best regards,
Henri Salo

Ok CVE-2011-2710 is public in CVE and NVD:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2710, and
CVE-2011-2708 is still marked as reserved so we should probably quietly
take CVE-2011-2708 out back and shoot it.

CC'ing mitre.

--

-Kurt Seifried / Red Hat Security Response Team



