Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 27 Mar 2015 12:31:35 +0300
From: Alexander Cherepanov <ch3root@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE Request: Multiple vulnerabilities in freexl
 1.0.0g

On 2015-03-27 09:54, cve-assign@...re.org wrote:
>> I found multiple issues in the library FreeXL 1.0.0g.
>> The vendor has corrected these issues in FreeXL 1.0.1 , and a diff for
>> the four issues is available here:
>
> We don't feel that this has information in a usable format for making
> all of the CVE assignments.

Aren't you usually combine similar issues into one CVE anyway? Same 
reported type ("stack corruption", at least for #1--3), same disclosure 
date, same fixed version, no info about first vulnerable version...
Or there are subtle differences somewhere?

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ