oss-sec mailing list archives

Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 28 Feb 2012 15:34:59 -0700

On 02/28/2012 03:33 PM, Kurt Seifried wrote:
On 02/28/2012 09:32 AM, cve-assign () mitre org wrote:
Any javascript code could be executed from Kadu History Window
in following conditions:

CVE-2012-1410 is assigned to this Kadu issue.

We are confused about

https://bugzilla.novell.com/show_bug.cgi?id=749036

This is a bug report about this Kadu vulnerability, but it has a
CVE assignment of CVE-2006-7248 for a vulnerability in the 
SMIME_read_PKCS7 function in OpenSSL 0.9.7i. Our perspective is
that this means CVE-2006-7248 has been assigned to multiple issues
(the Kadu issue and the OpenSSL issue), so we'll now proceed to
REJECT CVE-2006-7248 sometime later today unless there's a
substantial objection.

Please use CVE-2006-7249 for the kadu XSS vulnerability. Sorry about
the mess.


Oh, for Pete's sake. I apologize: I read 2006 repeatedly and of course cut
and pasted the wrong one AGAIN. OK, for real this time: please use
CVE-2012-1092 for the Kadu XSS issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
