Date: Mon, 26 Oct 2009 16:40:05 +0200
From: CERT-FI Vulnerability Co-ordination <vulncoord@...ora.fi>
To: oss-security <oss-security@...ts.openwall.com>
CC: "Steven M. Christey" <coley@...us.mitre.org>, 
 Josh Bressers <bressers@...hat.com>,
 Joe Orton <jorton@...hat.com>, Ondrej Vasik <ovasik@...hat.com>, 
 Roman Rakus <rrakus@...hat.com>,
 CERT-FI Vulnerability Co-ordination <vulncoord@...ora.fi>
Subject: Re: CVE Request -- expat [was: Re: Regarding expat
 bug 1990430]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all,

Jan Lieskovsky wrote:
> Based on the above -^ I would vote for a separate CVE identifier for the
> expat flaw (and its embedded copies in dozens of packages):
> 
> https://bugs.gentoo.org/show_bug.cgi?id=280615#c8
> https://bugs.gentoo.org/show_bug.cgi?id=280615#c10

As far as we understand, the expat flaw in question is in no way related
to CVE-2009-2625, or other recent XML parser flaws. Therefore our take
is that it should have a distinct CVE entry.

- -Jussi / CERT-FI
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFK5bTF/64aC2E+yK8RAujqAKCgFjrzN4XZJ87Cf3pBAh2/1uNl6gCfW8+v
qlDdj1prKH23JhsVi8mv90A=
=Vin/
-----END PGP SIGNATURE-----
