Date: Mon, 28 May 2012 10:43:45 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org>, Mitre CVE assign department <cve-assign@...re.org> CC: oss-security@...ts.openwall.com Subject: Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue Hello Steve, vendors, previously the CVE identifier of CVE-2012-2391 has been assigned to the following issue:  http://www.openwall.com/lists/oss-security/2012/05/23/12  http://www.openwall.com/lists/oss-security/2012/05/23/15 Today when checking CVE new mail, noticed the CVE-2012-2942 yet: ====================================================== Name: CVE-2012-2942 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2942 [Open URL] Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20120527 Category: Reference: CONFIRM:http://haproxy.1wt.eu/#news [Open URL] Reference: CONFIRM:http://haproxy.1wt.eu/download/1.4/src/CHANGELOG [Open URL] Reference: CONFIRM:http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b [Open URL] Reference: BID:53647 Reference: URL:http://www.securityfocus.com/bid/53647 [Open URL] Reference: SECUNIA:49261 Reference: URL:http://secunia.com/advisories/49261 [Open URL] Reference: XF:haproxy-trash-bo(75777) Reference: URL:http://xforce.iss.net/xforce/xfdb/75777 [Open URL] Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. Both of these are referring to the same issue. Steve, CVE-assign could you clarify which CVE id should be kept and which one should be rejected as duplicate? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ