Jeroen Roos ha scritto: > What kind of information would you like? The issues mentionned in > CVE-2008-6837 are not known to me and because of the limited information > in the report there is no way to determine whether such an issue exists, > the issue in CVE-2008-6838 is the same issue as the one reported in > CVE-2008-3258, which is solved in 0.7.0.5 and 0.7.3. > > I very much suspect that these issues have been copied from > http://www.securityfocus.com/bid/30116/info, which describes two issues, > one of which is the same as the one reported in CVE-2008-3258 and the > other is an issue I have not been able to reproduce in any version. This > person has never contacted me about this problem. (I have sent him an > e-mail yesterday, requesting him to rectify this information and contact > me instead of securityfocus next time).
Ok, Thanks for clarifying that. Please update this bug if you will get further details. > By the way, I did release an update for another security issue yesterday > (that is how I came accross these issues). Thanks, I added a new entry in our security tracker. Zoph Cross-Site Scripting Vulnerability: http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249 http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128 Cheers, Giuseppe.
signature.asc
Description: OpenPGP digital signature