[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LiveZilla 5.3.0.7 Security Issue



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Oct 14, 2014 at 04:28:27PM +0000, sourav.infosec@xxxxxxxxx wrote:
> I had reported few xss issues on LiveZilla 5.3.0.7 . They fixed it properly and informed me. Now  latest build is 5.3.0.8 / 2014-09-25.  
> 
> http://changelog.livezilla.net/
> 
> Can you help me regarding CVE. I can send you the vulnerability details.

CVE OpenSource Request HOWTO can be located at:

http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

As "Live!Zilla" product is open-source you can request CVE in public
oss-security mailing list:

http://oss-security.openwall.org/wiki/
http://www.openwall.com/lists/oss-security/

You should include following details to your request if available:

- - Software and vendor name
- - Type of vulnerability
- - Link to vulnerable source code or fix
- - Link to source code change log
- - Link to security advisory
- - Link to bug entry
- - Affected versions
- - Fixed in versions
- - Proof of concept code/exploit

I am more than happy to help you off-list or create the request with you.

- ---
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlRCNA0ACgkQXf6hBi6kbk/dywCgwMa7m0hu/rUgBGOvs8QFOcnv
MGgAoJzWiIb9gTcNNqs1WbhvJa3bPskQ
=r3Pj
-----END PGP SIGNATURE-----