oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request for planet

From: Vincent Danen <vdanen () redhat com>
Date: Thu, 8 Oct 2009 11:13:22 -0600
A second vulnerability was found by Secunia in planet, that differs from
CVE-2009-2937.  Details are available here:

https://bugzilla.redhat.com/show_bug.cgi?id=525772
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546178#30

There is a bit of confusion surrounding the two issues, but it seems as
though they are, in fact, two separate issues.  The first
(CVE-2009-2937) deals with insufficient escaping of input feeds, while
the second deals with some CDATA filtering problems as well.

Steve, does this warrant a second CVE or should the CDATA filtering fall
under CVE-2009-2937 as well?

Thanks.

--
Vincent Danen / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: