https://bugzilla.novell.com/show_bug.cgi?id=650155
https://bugzilla.novell.com/show_bug.cgi?id=650155#c5
--- Comment #5 from Sebastian Krahmer 2010-11-08 08:03:17 UTC ---
From: "Steven M. Christey"
While many of the sources for YUI imply that there's only one XSS, one of
our CVE analysts observed that the "Affected Files and Patches" section at
the end of http://yuilibrary.com/support/2.8.2/ makes it clear that three
separate .SWF files are affected, and they are all patched in slightly
different versions.
So, I'm going to REJECT CVE-2010-3866 and SPLIT it into the following 3
CVEs:
CVE-2010-4207
charts/assets/charts.swf
YUI 2.4.0 through 2.8.1
CVE-2010-4208
uploader/assets/uploader.swf
YUI 2.5.0 through 2.8.1
CVE-2010-4209
swfstore/swfstore.swf
YUI 2.8.0 through 2.8.1
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.