Date: Wed, 14 Sep 2016 10:22:58 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection

Ideally people should get CVEs and then post to oss-security with the
information and the CVE. A lot of people consume the list data and the
current method means that people end up searching their DBs, making sure
it's new, then entering it, then updating it with a CVE. If people got CVEs
first this would vastly simplify things.

On Wed, Sep 14, 2016 at 3:21 AM, Moritz Muehlenhoff <jmm@...ian.org> wrote:

> > > I noticed that in your original e-mail to this list, you did not cc
> > > cve-assign.
> >
> > That's true, but I never did in the past, as this mailing list is (or was?)
> > monitored by mitre, so posting here has been sufficient until now.
>
> That said, I really hope that MITRE will continue to use this list for CVE
> assignments. List members have often followed up with information on CVE
> requests which no one would be able to provide for the web-based approach.
>
> Cheers,
> Moritz
>

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com