Date: Wed, 14 Sep 2016 10:22:58 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: Re: ADOdb PDO driver: incorrect quoting may allow
 SQL injection

Ideally people should get CVEs and then post to oss-security with the
information and the CVE. A lot of people consume the list data and the
current method means that people end up searching their DBs, making sure
it's new, then entering it, then updating it with a CVE. If people got CVEs
first this would vastly simplify things.

On Wed, Sep 14, 2016 at 3:21 AM, Moritz Muehlenhoff <jmm@...ian.org> wrote:

> > > I noticed that in your original e-mail to this list, you did not cc
> > > cve-assign.
> >
> > That's true, but I never did in the past, as this mailing list is (or was?)
> > monitored by mitre, so posting here has been sufficient until now.
>
> That said, I really hope that MITRE will continue to use this list for CVE
> assignments. List members have often followed up with information on CVE
> requests which no one would be able to provide for the web-based approach.
>
> Cheers,
>         Moritz
>



-- 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com
