|
Message-ID: <4AE5B4C5.5010909@ficora.fi> Date: Mon, 26 Oct 2009 16:40:05 +0200 From: CERT-FI Vulnerability Co-ordination <vulncoord@...ora.fi> To: oss-security <oss-security@...ts.openwall.com> CC: "Steven M. Christey" <coley@...us.mitre.org>, Josh Bressers <bressers@...hat.com>, Joe Orton <jorton@...hat.com>, Ondrej Vasik <ovasik@...hat.com>, Roman Rakus <rrakus@...hat.com>, CERT-FI Vulnerability Co-ordination <vulncoord@...ora.fi> Subject: Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, Jan Lieskovsky wrote: > Based on the above -^ I would vote for separate CVE identifier for expat > flaw > (and its embedded copies in dozen of packages): > > https://bugs.gentoo.org/show_bug.cgi?id=280615#c8 > https://bugs.gentoo.org/show_bug.cgi?id=280615#c10 As far as we understand, the expat flaw in question is in no way related to CVE-2009-2625, or other recent XML parser flaws. Therefore our take is that it should have a distinct CVE entry. - -Jussi / CERT-FI -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFK5bTF/64aC2E+yK8RAujqAKCgFjrzN4XZJ87Cf3pBAh2/1uNl6gCfW8+v qlDdj1prKH23JhsVi8mv90A= =Vin/ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.