Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CABuU+O33Yn0bgYfXWBL20JiXFh9uA1VJCnc0mJOAza8MRSmDmg@mail.gmail.com>
Date: Sat, 17 Jan 2015 12:15:41 +0100
From: Francisco Alonso <rs@...skills.cz>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper

Hi,

Any update about this?

On Tue, Jan 6, 2015 at 9:45 PM, Francisco Alonso <rs@...skills.cz> wrote:

> Hello,
>
> Can a CVE please be assigned to the following issue:
>
> FlexPaper Flash viewer Reflected XSS and Content Spoofing via Swfile
> parameter in FlexPaperViewer.swf file.
>
> Fixed via FlexPaper 2.3.1 Release.
>
> References:
> http://blog.flexpaper.org/post/105984224083/flexpaper-2-3-1-release-notes
> https://code.google.com/p/flexpaper/
> http://www.theregister.co.uk/2014/12/23/wikileaks_pdf_viewer_vuln/
>
> http://www.pcworld.com/article/2862812/flaw-in-opensource-pdf-viewer-could-put-wikileaks-users-others-at-risk.html
>
> Thanks,
>



-- 

Francisco Alonso.
http://twitter.com/revskills
PGP: 0xE2E64DCA
--

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.