Date: Fri, 07 Mar 2014 20:00:28 +0000
From: "mancha" <mancha1@...h.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE Request/Clarification - PHP

On Fri, 07 Mar 2014 15:31:00 +0000 cve-assign@...re.org wrote:
>> Two issues were recently identified as security concerns in
>> libmagic: CVE-2014-1943 (infinite recursion flaw) &
>> CVE-2014-2270 (improper bounds checking).
>>
>> What is the policy regarding CVE allocation for products
>> vulnerable by virtue of bundling copies of vulnerable products
>> (as opposed to, say, linking vulnerable system libraries)?
>>
>> I bring this up because PHP embeds a copy of libmagic
>
>A CVE assignment for libmagic (in the file product) can be used
>by all vendors who bundle libmagic. Different copies of libmagic
>in different products do not have separate CVE IDs.
>
>--
>CVE assignment team, MITRE CVE Numbering Authority

Many thanks for that clarification.

--mancha