Date: Fri, 7 Mar 2014 10:30:26 -0500 (EST)
From: cve-assign@...re.org
To: mancha1@...h.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request/Clarification - PHP

> Two issues were recently identified as security concerns in
> libmagic: CVE-2014-1943 (infinite recursion flaw) &
> CVE-2014-2270 (improper bounds checking).
> 
> What is the policy regarding CVE allocation for products
> vulnerable by virtue of bundling copies of vulnerable products
> (as opposed to, say, linking vulnerable system libraries)?
> 
> I bring this up because PHP embeds a copy of libmagic

A CVE assignment for libmagic (in the file product) can be used by all
vendors who bundle libmagic. Different copies of libmagic in different
products do not have separate CVE IDs.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
