Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 23 Nov 2015 02:59:50 -0500 (EST)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, DAVIDKA@...ibm.com, ROEEH@...ibm.com, private@...dova.apache.org, dev@...dova.apache.org, security@...che.org
Subject: Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

>> CVE-2015-5257: Weak Randomization of BridgeSecret for Apache Cordova Android

> Is there a typo here? CVE-2015-5257 was already assigned for an issue
> in drivers/usb/serial/whiteheat.c in the Linux kernel. see
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257

The outcome here is that this BridgeSecret vulnerability is now known
as CVE-2015-8320, not CVE-2015-5257. (Nobody working on Cordova was
involved in any typo or misuse of a CVE ID; however, that does not
change the outcome.) CVE-2015-5256 is unaffected by this event.

For additional details, see some or all of the following URLs
later today or tomorrow:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257

  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5256
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5256

  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8320
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8320

  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5275
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5275

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWUsYoAAoJEL54rhJi8gl5ymkQAJftRBBnk52E/5xni8vgGSBR
Ar0ihQ2/SwiTh4cu/N2FvxPWtdw1G+xHsFyiknW3tDlUJhVy04HJ23gYf5AJTXn6
31yL1mPZz+AsM87sCupr9lqKzS+/HBbuVBPzz+Zs8Vb4pQYiuz/8Z0yCD4HR6iH8
OGLf9K+mZ07TqyaZkI8a23PjX5BaYqRxNR+vRsRNVuiFTiPq86++mrMUm+AUTNMJ
I1MyOZITMTCdITonmWIZj2XaFjyRZNd285bf/UqSirYAatinyuptEBlgHmgefYyU
UT/hYMnwiE6ajP5Ep8wbWBEmGqq22LFpaEVAkcTg3kFHxnYV/vt3Wt7l33yLPDwL
Gl3sQ71Njf681afx31ztv9CY+No2GTUtUjpUw074d/8SrIj0VWi+uzxNKtHtNaPR
jCfYVWWdbWm7wOfxjRk4O6F0SLh1fnkeVlHUpLTFJ/+j6j3c5BYrnTDL87+Uv/Bc
5WPjQ9xvctATout0bKszsgL70nOpSBYaFhct9wX5cdPgKiWB9upjW0nM25EMPK42
EE4Q2bgeDGGLfUubn//NSR33zI9OrglQNn9VeY9BrvyvKZ97nS2YRs5ZvTpY6miu
YjOe+NTzr0NcurMOVg/8Jx17UNVcbawd8lg0fA7AUqIzIMoJgI6k6MF+sIipfhj0
oEUUJNT0CzLYuIhkEB5n
=MJhw
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ