Date: Fri, 16 Jun 2017 08:20:40 +1000
From: Brian May <brian@...uxpenguins.xyz>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: Re: MySQL - use-after-free after mysql_stmt_close()

Kurt Seifried <kseifried@...hat.com> writes:

> Should we assign CVEs for code examples/documentation? E.g. We assign CVEs
> for code shipped to people in digital form. Why not assign CVEs for code in
> documentation or commonly used examples? We can go with the rationale that
> CVEs get assigned to the affected code bases (e.g. when someone implements
> that documentation/code), but it might also be good to educate the
> community about bad examples/documentation/etc.

For a prior example, in this case of documentation suggesting insecure
configuration, see:

http://www.openwall.com/lists/oss-security/2015/03/28/7

I note that the documentation still has the bad example listed, with no
indication that this is bad.

http://www.openldap.org/doc/admin24/guide.html#Access Control Examples
-- 
Brian May <brian@...uxpenguins.xyz>
https://linuxpenguins.xyz/brian/