Date: Fri, 27 Mar 2015 12:31:35 +0300 From: Alexander Cherepanov <ch3root@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g On 2015-03-27 09:54, cve-assign@...re.org wrote: >> I found multiple issues in the library FreeXL 1.0.0g. >> The vendor has corrected these issues in FreeXL 1.0.1 , and a diff for >> the four issues is available here: > > We don't feel that this has information in a usable format for making > all of the CVE assignments. Aren't you usually combine similar issues into one CVE anyway? Same reported type ("stack corruption", at least for #1--3), same disclosure date, same fixed version, no info about first vulnerable version... Or there are subtle differences somewhere? -- Alexander Cherepanov
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ