Date: Wed, 7 Jul 2010 01:54:35 -0500 From: Reed Loden <reed@...dloden.com> To: oss-security@...ts.openwall.com Cc: Kurt Seifried <kurt@...fried.org> Subject: Re: Bugzilla 3.7.1 CVE request -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 6 Jul 2010 00:51:40 -0600 Kurt Seifried <kurt@...fried.org> wrote: > CVE # for this please. > > http://www.bugzilla.org/security/3.7.1/ This security issue only affects the 3.7 and 3.7.1 development "snapshots" (basically, alpha/beta quality). It's highly unlikely that any distro would be tracking this unstable version/branch, so is a CVE really required? If so, Mozilla can assign one from its pool. I usually deal with getting CVEs assigned for Bugzilla issues, and I just didn't think this one required one... However, maybe I was mistaken in that. ~reed Mozilla Security Group - -- Reed Loden - <reed@...dloden.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkw0JKwACgkQa6IiJvPDPVrDPwCfax7OoqAr2Di+vZ0NQdXIrxZV pFMAoLBKcbef1hSrDiyeRUm7bTCoCmZY =EhY+ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ