Date: Fri, 16 Jun 2017 08:20:40 +1000
From: Brian May <>
To: oss-security <>
Subject: Re: Re: MySQL - use-after-free after mysql_stmt_close()

Kurt Seifried <> writes:

> Should we assign CVEs for code examples/documentation? E.g. We assign CVEs
> for code shipped to people in digital form. Why not assign CVEs for code in
> documentation or commonly used examples? We can go with the rationale that
> CVEs get assigned to the affected code bases (e.g. when someone implements
> that documentation/code), but it might also be good to educate the
> community about bad examples/documentation/etc.

For a prior example, in this case of documentation suggesting insecure
configuration, see:

I note that the documentation still has the bad example listed, with no
indication that this is bad. Control Examples
Brian May <>
