Date: Tue, 04 Feb 2014 09:09:28 -0700 From: "Vincent Danen" <vdanen@...hat.com> To: cve-assign@...re.org Cc: oss-security@...ts.openwall.com Subject: Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java) On 02/04/2014, at 7:48 AM, cve-assign@...re.org wrote: >> I'm not sure if MITRE will be handling the assignment or if Oracle >> will, > > We don't want to rule out the possibility that someone from Oracle > will reply to the list and mention that this issue was the topic > of an earlier private report to Oracle, and already has a CVE ID > assigned. In general, MITRE will coordinate with Oracle to avoid a > duplicate assignment. Fair enough. That's why I had included Oracle on the cc list, just in case. Thanks. -- Vincent Danen / Red Hat Security Response Team Download attachment "signature.asc" of type "application/pgp-signature" (711 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ