https://bugzilla.novell.com/show_bug.cgi?id=650155 https://bugzilla.novell.com/show_bug.cgi?id=650155#c5 --- Comment #5 from Sebastian Krahmer <krahmer@novell.com> 2010-11-08 08:03:17 UTC --- From: "Steven M. Christey" <coley@linus.mitre.org> While many of the sources for YUI imply that there's only one XSS, one of our CVE analysts observed that the "Affected Files and Patches" section at the end of http://yuilibrary.com/support/2.8.2/ makes it clear that three separate .SWF files are affected, and they are all patched in slightly different versions. So, I'm going to REJECT CVE-2010-3866 and SPLIT it into the following 3 CVEs: CVE-2010-4207 charts/assets/charts.swf YUI 2.4.0 through 2.8.1 CVE-2010-4208 uploader/assets/uploader.swf YUI 2.5.0 through 2.8.1 CVE-2010-4209 swfstore/swfstore.swf YUI 2.8.0 through 2.8.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.