Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 7 Jul 2010 01:54:35 -0500
From: Reed Loden <reed@...dloden.com>
To: oss-security@...ts.openwall.com
Cc: Kurt Seifried <kurt@...fried.org>
Subject: Re: Bugzilla 3.7.1 CVE request

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 6 Jul 2010 00:51:40 -0600
Kurt Seifried <kurt@...fried.org> wrote:

> CVE # for this please.
> 
> http://www.bugzilla.org/security/3.7.1/

This security issue only affects the 3.7 and 3.7.1 development
"snapshots" (basically, alpha/beta quality). It's highly unlikely that
any distro would be tracking this unstable version/branch, so is a CVE
really required? If so, Mozilla can assign one from its pool.

I usually deal with getting CVEs assigned for Bugzilla issues, and I
just didn't think this one required one... However, maybe I was
mistaken in that.

~reed
Mozilla Security Group

- -- 
Reed Loden - <reed@...dloden.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkw0JKwACgkQa6IiJvPDPVrDPwCfax7OoqAr2Di+vZ0NQdXIrxZV
pFMAoLBKcbef1hSrDiyeRUm7bTCoCmZY
=EhY+
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ