Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20130716211757.2CFDF600AC@smtp.hushmail.com>
Date: Tue, 16 Jul 2013 21:17:56 +0000
From: "mancha" <mancha1@...h.com>
To: oss-security@...ts.openwall.com, kseifried@...hat.com
Subject: Re: CVE Request - xlockmore 5.43 fixes a security flaw

On Tue, 16 Jul 2013 20:18:06 +0000 "Kurt Seifried" wrote:
>To reiterate: so I can confirm CVE assignments, and prevent 
>duplicate assignments you *MUST* provide links to the code 
>commits/vulnerable code.

>People need to start making better CVE requests, or you're 
>not going to get CVEs from me.

I am relatively new at CVE requests so I am learning-by-doing.
I must have missed the original comment you feel you're
re-iterating to me.

Relevant code can be found here:

[1] 
http://sourceforge.net/projects/miscellaneouspa/files/glibc217/xlock
more-5.42-glibc217-crypt.diff

Upstream doesn't appear to have a public version control repo
which is why I didn't post link(s) to commit(s). I mistakenly
thought their changelog annoucement would be enough.

I enjoy contributing time to the community via code submissions
and by making flaws/fixes known to vendors via this list. I just
hope they don't all have to raise my blood pressure in the future.

--mancha

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.