Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 04 Jun 2014 21:44:20 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: cve-assign@...re.org
Subject: Re: Re: CVE-2014-0234 Installer: OpenShift Enterprise:
 openshift.sh default password creation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/03/2014 12:35 PM, cve-assign@...re.org wrote:


This would depend on how you installed it, e.g. as an upgrade?a new
install? If new then manually? from the script? In this case it was
that specific install script which was also documented as a possible
install method, thus I felt it deserved a CVE.



Correct, however in this case we document it as an install method, so
I felt it deserved a CVE, had it not been documented/mentioned I would
have not assigned a CVE at all since it would have been "example code"
for lack of a better term.



?

- -- 
Kurt Seifried - Red Hat - Product Security - Cloud stuff and such
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTj+eTAAoJEBYNRVNeJnmTE70P/366TGsMWoMtRFsptB+MM9qf
LHaqFzqt2TOd5yM8G5MfIzPtpTcA2XnvOo5fZMOsBhLEx2Sa2t8fV8c346QIGSlC
ZTZecDGEN6DSYXEatnAT3V5RMo7K5RYbUUxhMhUL5/CtZ3t+960cCSVymfoCR2Ng
G0w9WrOadVM0PNbJfz2LCatt+FU3kVoVBToqItOQ8Kn9WPGmG+y9P//BPv/cv9JO
vwG3TXS1DQ8Xs7ioV7llE3dc5yG/7Tn9TJxRW0RJSh078gOrap/8kgfXTVsjigVR
aWbe6jQAhc+gn7sa06lsKYHT53znql8qbk6BSlPxSceuXz1W042/w+elPKkKqQcJ
zZc9UGi0hQe8iuswLasEwQJbdhdf14EtTVeovLxjdaKwpOoiwMZ+WT9RNDMNrVar
utgu8kYgIYi33cd3ygRUJijwxpWn8415SNfAkq021eeUUJD1YHHMIrAgyT97wl+m
MOxIVNpxWk4kKPru+1ROZglTS8QYLmWQeW7Qq9dzUHlWFtXZ497kAvPWMuArhns1
ovmqHKQvIrWoN53qztksfejzXLUfF8FqZFAQIYUSx8snfAOn7avK+H4DWTogqD//
bsCmbuukSr3sG6ZCXRcAK0EAL02FyPoWYbFV+0NesSdn4H0Zl02DvjH6N94SHWzN
uNPQ43oTqoJaXC8uwLz5
=Kr7J
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ