Re: CVE request: lxr

[Josh Bressers <bressers () redhat com>]

----- "Raphael Geissert" <geissert () debian org> wrote:

> Hi,
>
> While working on an update for lxr the following commit by upstream
> that 
> fixes an XSS vulnerability in the search page was found:
>
> > Fix XSS exploit in title string
> http://lxr.cvs.sourceforge.net/viewvc/lxr/lxr/lib/LXR/Common.pm?r1=1.63&r2=1.64
>
> It does not seem to be covered by CVE-2009-4497.
>
> Please assign an id. Thanks in advance.

Please use CVE-2010-1448 for this.

Thanks.

-- 
    JB