CVE-ID for recent XSS issues ?

[dregad]

I was wondering if a CVE ID had been assigned to the XSS issues fixed in #495 / 1.7.0.

If not, it might be a good idea to request one, and reference it in the various discussion threads.

[aidantwoods]

I've now requested one though the DWF since they appear to deal specifically with CVEs for open-source.

You can view the submission here: https://pending-requests-v5.distributedweaknessfiling.org/

[dregad]

Cheers !

[dregad]

I just checked the status and CVE-2018-1000162 has been assigned by DWF, but MITRE have not yet accepted it (CVEProject/cvelist#411)

[aidantwoods]

A-ha, I received an email last week with the CVE and have been checking the MITRE site for when it goes though. I hadn't seen that PR though! The batch seems to be held up by another CVE, so I'd expect that our CVE passes through okay. I was planning on holding off referencing the assigned CVE in #495 until it's accepted by MITRE

[aidantwoods]

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000162