Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 7 Jun 2016 09:49:00 +0200
From: Salvatore Bonaccorso <>
Cc: Mitre CVE assign department <>
Subject: Re: Please reject duplicate CVE for libxml2


On Tue, Jun 07, 2016 at 09:34:51AM +0200, Martin Prpic wrote:
> Hi, it seems two CVEs were assigned for the same issue in libxml2:
> Daniel Veillard reported to us that these issues are the same and fixed
> by:
> The upstream bug is:
> Can CVE-2016-4483 please be rejected as a duplicate of CVE-2016-3627?

What though is confusing is that the two commits are tagged
accordingly in the upstream git repository:

Tagged for CVE-2016-4483:

Tagged for CVE-2016-3627:

For the updates in Debian thus we have used both and referenced both
CVEs, think Ubuntu has done the same in USN 2994


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ