Date: Wed, 28 Oct 2009 11:43:26 +0000 (GMT) From: Mark J Cox <mjc@...hat.com> To: oss-security <oss-security@...ts.openwall.com> cc: "Steven M. Christey" <coley@...us.mitre.org>, Josh Bressers <bressers@...hat.com>, Joe Orton <jorton@...hat.com>, Ondrej Vasik <ovasik@...hat.com>, Roman Rakus <rrakus@...hat.com>, CERT-FI Vulnerability Co-ordination <vulncoord@...ora.fi> Subject: Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] >> Based on the above -^ I would vote for separate CVE identifier for expat >> flaw >> (and its embedded copies in dozen of packages): >> >> https://bugs.gentoo.org/show_bug.cgi?id=280615#c8 >> https://bugs.gentoo.org/show_bug.cgi?id=280615#c10 > > As far as we understand, the expat flaw in question is in no way related > to CVE-2009-2625, or other recent XML parser flaws. Therefore our take > is that it should have a distinct CVE entry. So use CVE-2009-3720 for this Mark
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ