Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <493485158.650175.1307991363905.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Mon, 13 Jun 2011 14:56:03 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: webadmin-devel@...ts.sourceforge.net, javierbassi@...il.com,
        Henri Salo <henri@...v.fi>
Subject: Re: Re: CVE-request: XSS in Webmin 1.540

----- Original Message -----
> On 13/Jun/2011 06:40 Henri Salo <henri@...v.fi> wrote ..
> > Hi,
> >
> > I would like to receive CVE-identifier for this issue in Webmin.
> > References:
> >
> > http://seclists.org/fulldisclosure/2011/Apr/393
> >
> > Javier Bassi told me that the Bugtraq ID is 47558. Couldn't find this
> > from OSVDB.
> > Fixed in commit:
> > https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881
> > which is included to Webmin 1.550 release.
> >
> > Should be 2011 identifier.
> 
> There is no CVE for this - the original submitter Javier had trouble
> obtaining one.
> 
> Actually, I have no idea where CVEs come from either!
> 

A CVE id was assigned here:
http://seclists.org/oss-sec/2011/q2/478

As for getting an ID in the future, your best bet is to mail me directly
with your request. MITRE is generally swamped with requests, where I don't
service near the volume they do.

If you have any questions, I'd be happy to answer them.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.