Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Jul 2017 20:37:08 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Cc: Matthew Daley <mattd@...fuzz.com>, Kurt Seifried <kurt@...fried.org>
Subject: Re: Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004

Feel free to modify it and submit a pull request!

https://github.com/distributedweaknessfiling/DWF-CVE-Database/tree/master/2017/1000xxx

also I submit the dwf data to mitre but we're having some teething problems.

On Wed, Jul 19, 2017 at 6:59 AM, Henri Salo <henri@...v.fi> wrote:

> On Wed, Jul 19, 2017 at 11:37:28PM +1200, Matthew Daley wrote:
> > On 17 July 2017 at 00:01, Henri Salo <henri@...v.fi> wrote:
> > > Is this assigment somehow related to this oss-security post?
> > > http://www.openwall.com/lists/oss-security/2016/07/01/3
> >
> > Yes.
>
> Thanks for your reply and clearing this up. One of the points in my email
> was
> that this is not documented in the DWF item well enough. There is
> description_data with value, but no referer to oss-security, which should
> also
> use those issue numbers. Should the assigner or requester post this
> information
> to oss-security aswell or is the point that DWF is followed via GitHub with
> custom scripts? If someone makes a pull request to the item is the
> information
> populated to MITRE and NVD databases and how often?
>
> --
> Henri Salo
>



-- 

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.