Date: Thu, 28 Apr 2016 11:38:33 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: das das <scusec2010@...il.com> Subject: Re: CVE request:SQL injection in TeamPass Hi, On Thu, Apr 28, 2016 at 04:20:08PM +0800, das das wrote: > I sent you an email about the vulnerability found in Teampass, > http://www.openwall.com/lists/oss-security/2016/04/14/1 I imagine that the MITRE folks are busy with higher-priority requests. > however,I haven't received any reply yet.Does cve still accept such > vulnerabilities in Teampass?Because There are some Teampass > vulnerabilities witch are found latey,and I don't know whether they > should be submitted. I think you're confusing notifying the community and obtaining CVE IDs. It does make perfect sense for you to be notifying the community even if you're not receiving CVE IDs promptly (or at all). If you need some IDs for tracking, please feel free to obtain and self-assign OVE IDs, and include those right in your initial notifications to oss-security: http://www.openwall.com/ove/ Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ