Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87zjvuwwdv.fsf@windlord.stanford.edu>
Date: Thu, 16 May 2013 12:35:40 -0700
From: Russ Allbery <rra@...ian.org>
To: Salvatore Bonaccorso <carnil@...ian.org>
Cc: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: WebAuth: Authentication credential disclosure

Salvatore Bonaccorso <carnil@...ian.org> writes:

> Could a CVE be assigned for this issue in WebAuth (Cc'ing Russ
> Allbery):

Ack, sorry, I considered asking for a CVE and then decided not to since I
wasn't sure anyone would really care given the limited deployment of the
affected code.  That was probably the wrong decision, particularly based
on Kurt's comments yesterday, so I probably should have gone ahead and
done it and included it in the advisory.

I'm happy to include a CVE in the advisory and in the Debian experimental
changelog going forward.

-- 
Russ Allbery (rra@...ian.org)               <http://www.eyrie.org/~eagle/>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.