Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 28 Apr 2016 11:38:33 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: das das <scusec2010@...il.com>
Subject: Re: CVE request:SQL injection in TeamPass

Hi,

On Thu, Apr 28, 2016 at 04:20:08PM +0800, das das wrote:
> I sent you an email about the vulnerability found in Teampass,
> http://www.openwall.com/lists/oss-security/2016/04/14/1

I imagine that the MITRE folks are busy with higher-priority requests.

> however,I haven't received any reply yet.Does cve still accept such
> vulnerabilities in Teampass?Because There are some Teampass
> vulnerabilities witch are found latey,and I don't know whether they
> should be submitted.

I think you're confusing notifying the community and obtaining CVE IDs.
It does make perfect sense for you to be notifying the community even if
you're not receiving CVE IDs promptly (or at all).  If you need some IDs
for tracking, please feel free to obtain and self-assign OVE IDs, and
include those right in your initial notifications to oss-security:

http://www.openwall.com/ove/

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.