Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 13 Jul 2010 19:12:17 -0500
From: Raphael Geissert <>
Subject: znc id: CVE-2010-2448 or CVE-2010-2488?


Some weeks ago I requested an id for a null pointer dereference in ZNC.
Josh assigned CVE-2010-24*8*8.

Because of a typo, the CVE id referenced in the DSA I released was 
CVE-2010-24*4*8 [1] (previously assigned by Steven to a gitolite issue, 
SA39587.) I updated our tracker as soon as I noticed the typo.

However, in the last batch of CVE updates, the znc issue appeared with the 
incorrect id (i.e. CVE-2010-24*4*8.)

VUPEN and SecurityFocus already picked up the wrong id.

How should we proceed?

I would like to apologise for the inconvenience.


Kind regards,
Raphael Geissert - Debian Developer -

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ