[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 4 Apr 2013 16:32:56 +0000
From: "Christey, Steven M." <coley@...re.org>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: RE: Confused with Drupal CVEs
Henri,
While SA-CONTRIB-2013-001 listed only one CVE, CVE-2013-0181, there were two vulnerabilities that were found by different researchers. While they were originally merged into a single CVE (same vulnerability type), we also have guidelines that SPLIT issues into different groups if they are found by different researchers. So, the MITRE team SPLIT these CVEs accordingly, after the initial erroneous assignment. We listed http://www.openwall.com/lists/oss-security/2013/01/15/3 as a reference for the new/split CVE-2013-2715 because this was effectively where the vulnerability was more widely disclosed.
- Steve
>-----Original Message-----
>From: Henri Salo [mailto:henri@...v.fi]
>Sent: Thursday, April 04, 2013 2:58 AM
>To: oss-security@...ts.openwall.com
>Subject: [oss-security] Confused with Drupal CVEs
>
>Hello,
>
>SA-CONTRIB-2013-001 https://drupal.org/node/1884332 CVE-2013-0181
>
>Why does http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2715
>link to http://www.openwall.com/lists/oss-security/2013/01/15/3
>
>Duplicate?
>
>---
>Henri Salo
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
