oss-sec mailing list archives

Re: Re: CVE-request: XSS in Webmin 1.540

From: Josh Bressers <bressers () redhat com>
Date: Mon, 13 Jun 2011 14:56:03 -0400 (EDT)

----- Original Message -----

On 13/Jun/2011 06:40 Henri Salo <henri () nerv fi> wrote ..

Hi,

I would like to receive CVE-identifier for this issue in Webmin.
References:

http://seclists.org/fulldisclosure/2011/Apr/393

Javier Bassi told me that the Bugtraq ID is 47558. Couldn't find this
from OSVDB.
Fixed in commit:
https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881
which is included to Webmin 1.550 release.

Should be 2011 identifier.


There is no CVE for this - the original submitter Javier had trouble
obtaining one.

Actually, I have no idea where CVEs come from either!


A CVE id was assigned here:
http://seclists.org/oss-sec/2011/q2/478

As for getting an ID in the future, your best bet is to mail me directly
with your request. MITRE is generally swamped with requests, where I don't
service near the volume they do.

If you have any questions, I'd be happy to answer them.

Thanks.

-- 
    JB

Current thread:

CVE-request: XSS in Webmin 1.540 Henri Salo (Jun 13)
- Re: CVE-request: XSS in Webmin 1.540 Javier Bassi (Jun 13)
- Re: CVE-request: XSS in Webmin 1.540 Jamie Cameron (Jun 13)
  - Re: Re: CVE-request: XSS in Webmin 1.540 Josh Bressers (Jun 13)