oss-sec mailing list archives
CVE id request: php-xajax
From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Wed, 17 Dec 2008 15:45:31 +0100
Hi Steven,

I am not sure if you want to assign a new CVE id for this, but since we did it for several other issues where an incomplete patch was issued, I guess it can be done here as well.

The patch for CVE-2007-2739 seems incomplete as it doesn't escape "&". I recommend removing the replace call and using htmlspecialchars() instead.

Also, I seem to be unable to find anything regarding CVE-2007-2740. Did anyone manage to find a patch or even what kind of issue we are talking about? I only see the XSS.

Cheers
Steffen
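The gap described in the message above, as an added example that is not part of the original post and is not xajax code: a round-trip check that shows why a replace-based escaper that skips "&" is incomplete while htmlspecialchars() is not. The page does not show the actual patch, so `partial_escape()` is a constructed stand-in that is assumed to replace only `<`, `>` and `"`; the sample inputs are constructed as well.

```php
<?php
// Added example, not xajax code. partial_escape() is a constructed stand-in
// for a replace-based fix that handles some metacharacters but not "&".
function partial_escape(string $s): string
{
    return str_replace(['<', '>', '"'], ['&lt;', '&gt;', '&quot;'], $s);
}

// The approach recommended in the message: escape & < > " ' in one call.
function full_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// An escaper is sound for HTML output only if decoding its output gives back
// exactly the input. Entity references already present in the input break
// this property when "&" is passed through unchanged.
function round_trips(callable $escape, string $input): bool
{
    $decoded = html_entity_decode($escape($input), ENT_QUOTES, 'UTF-8');
    return $decoded === $input;
}

// Constructed sample inputs.
$samples = [
    'plain text',
    'a < b > c "quoted"',
    'Tom & Jerry',
    'already encoded: &lt;b&gt;',
    'numeric reference: &#60;',
];

foreach ($samples as $s) {
    printf(
        "%-30s partial=%-4s full=%s\n",
        $s,
        round_trips('partial_escape', $s) ? 'ok' : 'FAIL',
        round_trips('full_escape', $s) ? 'ok' : 'FAIL'
    );
}
```

The two inputs that carry entity references are the ones the stand-in fails on; a check like this can serve as a regression test when an escaping fix is reviewed.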