Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 13 Jul 2010 19:12:17 -0500
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: znc id: CVE-2010-2448 or CVE-2010-2488?

Hi,

Some weeks ago I requested an id for a null pointer dereference in ZNC.
Josh assigned CVE-2010-24*8*8.

Because of a typo, the CVE id referenced in the DSA I released was 
CVE-2010-24*4*8 [1] (previously assigned by Steven to a gitolite issue, 
SA39587.) I updated our tracker as soon as I noticed the typo.

However, in the last batch of CVE updates, the znc issue appeared with the 
incorrect id (i.e. CVE-2010-24*4*8.)

VUPEN and SecurityFocus already picked up the wrong id.

How should we proceed?

I would like to apologise for the inconvenience.

[1]http://www.openwall.com/lists/oss-security/2010/06/24/5

Kind regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ