Bugtraq mailing list archives

Re: LiveZilla 5.3.0.7 Security Issue

From: Henri Salo <henri () nerv fi>
Date: Sat, 18 Oct 2014 12:34:05 +0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Oct 14, 2014 at 04:28:27PM +0000, sourav.infosec () gmail com wrote:

I had reported few xss issues on LiveZilla 5.3.0.7 . They fixed it properly and informed me. Now  latest build is 
5.3.0.8 / 2014-09-25.  

http://changelog.livezilla.net/

Can you help me regarding CVE. I can send you the vulnerability details.


CVE OpenSource Request HOWTO can be located at:

http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

As "Live!Zilla" product is open-source you can request CVE in public
oss-security mailing list:

http://oss-security.openwall.org/wiki/
http://www.openwall.com/lists/oss-security/

You should include following details to your request if available:

- - Software and vendor name
- - Type of vulnerability
- - Link to vulnerable source code or fix
- - Link to source code change log
- - Link to security advisory
- - Link to bug entry
- - Affected versions
- - Fixed in versions
- - Proof of concept code/exploit

I am more than happy to help you off-list or create the request with you.

- ---
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlRCNA0ACgkQXf6hBi6kbk/dywCgwMa7m0hu/rUgBGOvs8QFOcnv
MGgAoJzWiIb9gTcNNqs1WbhvJa3bPskQ
=r3Pj
-----END PGP SIGNATURE-----

Current thread:

LiveZilla 5.3.0.7 Security Issue sourav . infosec (Oct 15)
- Re: LiveZilla 5.3.0.7 Security Issue Henri Salo (Oct 20)