Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <486220758.7797712.1392628327179.JavaMail.zimbra@redhat.com>
Date: Mon, 17 Feb 2014 04:12:07 -0500 (EST)
From: Arun Neelicattu <abn@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE Split: CVE-2014-0050 Apache Commons
 FileUpload and Apache Tomcat DoS

Hi,

Checking to see if there has been a decision regarding this? Will there be a split?

-arun

----- Original Message -----
> From: "Arun Neelicattu" <abn@...hat.com>
> To: oss-security@...ts.openwall.com
> Cc: cve-assign@...re.org
> Sent: Friday, February 7, 2014 11:09:49 AM
> Subject: [oss-security] CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
> 
> Hi,
> 
> CVE-2014-0050 was assigned to a flaw that affects both Apache Commons
> FileUpload and Apache Tomcat DoS [1].
> 
> Although Commons FileUpload and Tomcat are affected by this flaw and the
> vulnerable classes share the same ancestry, the code bases for them have
> been maintained in separate source trees for a long while now.
> 
> Can this CVE be split?
> 
> -arun
> 
> [1] http://seclists.org/fulldisclosure/2014/Feb/41
> 
> --
> Arun Neelicattu / Red Hat Security Response Team
> PGP: 0xC244393B 5229 F596 474F 00A1 E416  CF8B 36F5 5054 C244 393B
> 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.