> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746322 and
> https://github.com/defnull/bottle/issues/616 report an issue where
> Bottle treated "text/plain;application/json" as JSON, allowing security
> mechanisms to be bypassed.

Use CVE-2014-3137.

The scope of this CVE does not include any behavior of Chrome that could be interpreted as a Chrome vulnerability, e.g., "can make a request with the content-type of text/plain;application/json (IMO this is a bug in Chrome)" in 616. A later comment in 616 says "The original reporter mentioned filing Chrome bugs." As suggested by the http://www.google.com/about/appsecurity/ page, Chrome bugs are the mechanism for getting CVE assignments from the Google CNA.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
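
Added example, not part of the original message and not Bottle's code: the quoted report says the header value "text/plain;application/json" was treated as JSON. The sketch below assumes a substring test as one way such a value ends up accepted, and contrasts it with a check on the media type before the first ';'. Function names are hypothetical and the header values are constructed.

```python
# Added illustration; function names are hypothetical, not Bottle's API.

def is_json_loose(content_type):
    """Substring test: any header value that mentions application/json matches."""
    return "application/json" in (content_type or "").lower()


def media_type(content_type):
    """Return the lowercased type/subtype before the first ';', or None if malformed."""
    if not content_type:
        return None
    essence = content_type.split(";", 1)[0].strip().lower()
    main, sep, sub = essence.partition("/")
    if not sep or not main or not sub or any(c.isspace() for c in essence):
        return None
    return essence


def is_json_strict(content_type):
    """Accept only when the media type itself is exactly application/json."""
    return media_type(content_type) == "application/json"


# Constructed Content-Type header values (not captured traffic).
SAMPLES = [
    "application/json",
    "Application/JSON; charset=UTF-8",
    "text/plain;application/json",      # the value named in the report
    "text/plain; charset=utf-8",
    "application/json-patch+json",      # different media type, same prefix
    "",
]


def disagreements(samples=SAMPLES):
    """Header values the loose test accepts but the strict test rejects (or vice versa)."""
    return [s for s in samples if is_json_loose(s) != is_json_strict(s)]


if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:40} loose={is_json_loose(value)!s:5} "
              f"strict={is_json_strict(value)}")
    print("disagree:", disagreements())
```

Any request handling or security check that branches on "is this JSON?" should use the same strict comparison, so the two cannot disagree about a given header.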