oss-sec mailing list archives
Re: CVE Request - Asterisk (AST-2009-008.html)
From: Alex Legler <a3li () gentoo org>
Date: Sat, 7 Nov 2009 19:04:49 +0100
On Sat, 7 Nov 2009 18:08:55 +0100, Moritz Muehlenhoff <jmm () inutil org> wrote:
Jan Lieskovsky wrote:The second issue (b,) already got an CVE id of CVE-2008-7220. b, Cross-site AJAX request vulnerability (CVE-2008-7220) http://downloads.asterisk.org/pub/security/AST-2009-009.htmlThis seems to be a mistake; CVE-2008-7220 already identifies a prototypejs issue.
This is correct. Asterisk ships a copy of prototype.js. From the Asterisk advisory:
Asterisk includes a demonstration AJAX based manager interface, ajamdemo.html which uses the prototype.js framework.
Alex
Attachment:
signature.asc
Description:
Current thread:
- CVE Request - Asterisk (AST-2009-008.html) Jan Lieskovsky (Nov 05)
- Re: CVE Request - Asterisk (AST-2009-008.html) Josh Bressers (Nov 05)
- Re: CVE Request - Asterisk (AST-2009-008.html) Moritz Muehlenhoff (Nov 07)
- Re: CVE Request - Asterisk (AST-2009-008.html) Alex Legler (Nov 07)