Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Jul 2017 15:59:00 +0300
From: Henri Salo <henri@...v.fi>
To: Matthew Daley <mattd@...fuzz.com>
Cc: Kurt Seifried <kurt@...fried.org>, oss-security@...ts.openwall.com
Subject: Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004

On Wed, Jul 19, 2017 at 11:37:28PM +1200, Matthew Daley wrote:
> On 17 July 2017 at 00:01, Henri Salo <henri@...v.fi> wrote:
> > Is this assigment somehow related to this oss-security post?
> > http://www.openwall.com/lists/oss-security/2016/07/01/3
> 
> Yes.

Thanks for your reply and clearing this up. One of the points in my email was
that this is not documented in the DWF item well enough. There is
description_data with value, but no referer to oss-security, which should also
use those issue numbers. Should the assigner or requester post this information
to oss-security aswell or is the point that DWF is followed via GitHub with
custom scripts? If someone makes a pull request to the item is the information
populated to MITRE and NVD databases and how often?

-- 
Henri Salo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ