Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 8 Aug 2013 20:40:22 -0400 (EDT)
From: cve-assign@...re.org
To: luigiwalser@...oo.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: tomcat CVE confusion

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>I can't find any info about CVE-2013-3544, but the mitre page says
>it's reserved. Perhaps that CVE has already been allocated for some
>other piece of software?

In this specific situation, it happens to be possible for MITRE to
arrange for the CVE web site's CVE-2013-3544 entry to refer to
CVE-2012-3544 as the correct identifier. There's a standard wording
that we use for this scenario, so the entry will end up looking very
similar to this one:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5217

This should be completed on the CVE web site in the coming days. In
general, the cve-assign@...re.org address can be used for any reports
of a CVE typo in a disclosure. Depending on the exact state and usage
of each of the CVEs, sometimes we need to do a multi-vendor typo
coordination, and sometimes it's simpler than that.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)

iQEcBAEBAgAGBQJSBDh7AAoJEGvefgSNfHMd4PcH/0OfLRDeE0gm5eI7oD8MWY/i
2FfkgKcvHVUA1Jvdb/47+DzM0Ri3AhiCevaY6cQhk0MR86e8dQo7yJj2aktw5ESZ
XaG4uMlNgOMbEveX2Qs7gW0IaCXhmD71KrqbliNlUZYdlyreV+p5hK/U+Iy/WYiR
2yKtI6S2OQmvPnq06hl23BO3PPPBAV6oFgNz7h5ONEA3RNk06K4Ahq/ibMf9rRX0
bf6aH7S73kTa7SL3TWw0c9YPQwKkgFYzL9CZI+z+riazkdAqZyF+ptOUIDhKRaiX
ejTpGJqVajns6m5Bj7tCgK4TEciSSV5p/tlmhSEaYfFb4H+wsxzOoCPkKW6DSKA=
=l15v
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.