Date: Sun, 04 Mar 2012 20:19:14 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Moritz Mühlenhoff <jmm@...til.org>, Debian Security Team <security@...ian.org> Subject: Re: CVE request: notmuch On 03/04/2012 11:50 AM, Moritz Mühlenhoff wrote: > Hi, > please assign a CVE for this issue in "notmuch" (fixed in DSA 2416): > http://lists.debian.org/debian-security-announce/2012/msg00044.html > > Fix: > http://git.notmuchmail.org/git/notmuch/commit/ae438ccd8c77831158c7c30f19710d798ee4a6b4 > > Cheers, > Moritz Please use CVE-2012-1103 for this issue. Potentially stupid Q, why no CVE request from Debian? I'm happy to assign them, especially for stuff that qualifies for a DSA, it will almost certainly qualify for a CVE. If you need one for an embargoed issue please email the OpenWall vs list (http://oss-security.openwall.org/wiki/mailing-lists/distros) and I can assign it there. -- Kurt Seifried Red Hat Security Response Team (SRT)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ