Message-ID: <4F4D0D7B.9020004@redhat.com>
Date: Tue, 28 Feb 2012 10:23:07 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: cve-assign@...re.org, mateusz.goik@...antsoft.pl
Subject: Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history

On 02/28/2012 09:32 AM, cve-assign@...re.org wrote:
>> Any javascript code could be executed from Kadu History Window
>> in following conditions:
>
> CVE-2012-1410 is assigned to this Kadu issue.
>
> We are confused about
>
> https://bugzilla.novell.com/show_bug.cgi?id=749036
>
> This is a bug report about this Kadu vulnerability, but it has a
> CVE assignment of CVE-2006-7248 for a vulnerability in the
> SMIME_read_PKCS7 function in OpenSSL 0.9.7i. Our perspective is
> that this means CVE-2006-7248 has been assigned to multiple issues
> (the Kadu issue and the OpenSSL issue), so we'll now proceed to
> REJECT CVE-2006-7248 sometime later today unless there's a
> substantial objection.

Argh sorry cut and paste the wrong CVE # into novell's bugzilla. Can we
just remove it from there please?

--
Kurt Seifried
Red Hat Security Response Team (SRT)