|
Message-Id: <20130716211757.2CFDF600AC@smtp.hushmail.com> Date: Tue, 16 Jul 2013 21:17:56 +0000 From: "mancha" <mancha1@...h.com> To: oss-security@...ts.openwall.com, kseifried@...hat.com Subject: Re: CVE Request - xlockmore 5.43 fixes a security flaw On Tue, 16 Jul 2013 20:18:06 +0000 "Kurt Seifried" wrote: >To reiterate: so I can confirm CVE assignments, and prevent >duplicate assignments you *MUST* provide links to the code >commits/vulnerable code. >People need to start making better CVE requests, or you're >not going to get CVEs from me. I am relatively new at CVE requests so I am learning-by-doing. I must have missed the original comment you feel you're re-iterating to me. Relevant code can be found here: [1] http://sourceforge.net/projects/miscellaneouspa/files/glibc217/xlock more-5.42-glibc217-crypt.diff Upstream doesn't appear to have a public version control repo which is why I didn't post link(s) to commit(s). I mistakenly thought their changelog annoucement would be enough. I enjoy contributing time to the community via code submissions and by making flaws/fixes known to vendors via this list. I just hope they don't all have to raise my blood pressure in the future. --mancha
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.