Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170719125900.igfqq3i2bt3qwqep@tunkki>
Date: Wed, 19 Jul 2017 15:59:00 +0300
From: Henri Salo <henri@...v.fi>
To: Matthew Daley <mattd@...fuzz.com>
Cc: Kurt Seifried <kurt@...fried.org>, oss-security@...ts.openwall.com
Subject: Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004

On Wed, Jul 19, 2017 at 11:37:28PM +1200, Matthew Daley wrote:
> On 17 July 2017 at 00:01, Henri Salo <henri@...v.fi> wrote:
> > Is this assigment somehow related to this oss-security post?
> > http://www.openwall.com/lists/oss-security/2016/07/01/3
> 
> Yes.

Thanks for your reply and clearing this up. One of the points in my email was
that this is not documented in the DWF item well enough. There is
description_data with value, but no referer to oss-security, which should also
use those issue numbers. Should the assigner or requester post this information
to oss-security aswell or is the point that DWF is followed via GitHub with
custom scripts? If someone makes a pull request to the item is the information
populated to MITRE and NVD databases and how often?

-- 
Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.