Date: Wed, 04 Jun 2014 21:44:20 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: cve-assign@...re.org Subject: Re: Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/03/2014 12:35 PM, cve-assign@...re.org wrote: This would depend on how you installed it, e.g. as an upgrade?a new install? If new then manually? from the script? In this case it was that specific install script which was also documented as a possible install method, thus I felt it deserved a CVE. Correct, however in this case we document it as an install method, so I felt it deserved a CVE, had it not been documented/mentioned I would have not assigned a CVE at all since it would have been "example code" for lack of a better term. ? - -- Kurt Seifried - Red Hat - Product Security - Cloud stuff and such PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTj+eTAAoJEBYNRVNeJnmTE70P/366TGsMWoMtRFsptB+MM9qf LHaqFzqt2TOd5yM8G5MfIzPtpTcA2XnvOo5fZMOsBhLEx2Sa2t8fV8c346QIGSlC ZTZecDGEN6DSYXEatnAT3V5RMo7K5RYbUUxhMhUL5/CtZ3t+960cCSVymfoCR2Ng G0w9WrOadVM0PNbJfz2LCatt+FU3kVoVBToqItOQ8Kn9WPGmG+y9P//BPv/cv9JO vwG3TXS1DQ8Xs7ioV7llE3dc5yG/7Tn9TJxRW0RJSh078gOrap/8kgfXTVsjigVR aWbe6jQAhc+gn7sa06lsKYHT53znql8qbk6BSlPxSceuXz1W042/w+elPKkKqQcJ zZc9UGi0hQe8iuswLasEwQJbdhdf14EtTVeovLxjdaKwpOoiwMZ+WT9RNDMNrVar utgu8kYgIYi33cd3ygRUJijwxpWn8415SNfAkq021eeUUJD1YHHMIrAgyT97wl+m MOxIVNpxWk4kKPru+1ROZglTS8QYLmWQeW7Qq9dzUHlWFtXZ497kAvPWMuArhns1 ovmqHKQvIrWoN53qztksfejzXLUfF8FqZFAQIYUSx8snfAOn7avK+H4DWTogqD// bsCmbuukSr3sG6ZCXRcAK0EAL02FyPoWYbFV+0NesSdn4H0Zl02DvjH6N94SHWzN uNPQ43oTqoJaXC8uwLz5 =Kr7J -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ