On Wed, 19 Dec 2012, Giuseppe Iuculano wrote: > On 17/12/2012 18:21, Jonathan Wiltshire wrote: [ Debian ] > > Security team: is it too late to get a CVE through you now that a public > > bug has been filed? And should a DSA be prepared, as I have not looked > > but can be fairly sure this will affect stable. > > yes, if it is public, we cannot assign a CVE. you can ask > cve-ass...@mitre.org to request one.
Okay, doing that. Hello MITRE people, we would like to request a CVE number for an issue in the RSS_Reader Mediawiki extension that allows injection of unchecked HTML including Javascript into wikis via feeds. See http://bugs.debian.org/696179 for details. My apologies on not getting the process done correctly. Thanks, //mirabilos -- 15:41⎜<Lo-lan-do:#fusionforge> Somebody write a testsuite for helloworld :-) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
