Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Jul 2017 20:37:08 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Cc: Matthew Daley <mattd@...fuzz.com>, Kurt Seifried <kurt@...fried.org>
Subject: Re: Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004

Feel free to modify it and submit a pull request!

https://github.com/distributedweaknessfiling/DWF-CVE-Database/tree/master/2017/1000xxx

also I submit the dwf data to mitre but we're having some teething problems.

On Wed, Jul 19, 2017 at 6:59 AM, Henri Salo <henri@...v.fi> wrote:

> On Wed, Jul 19, 2017 at 11:37:28PM +1200, Matthew Daley wrote:
> > On 17 July 2017 at 00:01, Henri Salo <henri@...v.fi> wrote:
> > > Is this assigment somehow related to this oss-security post?
> > > http://www.openwall.com/lists/oss-security/2016/07/01/3
> >
> > Yes.
>
> Thanks for your reply and clearing this up. One of the points in my email
> was
> that this is not documented in the DWF item well enough. There is
> description_data with value, but no referer to oss-security, which should
> also
> use those issue numbers. Should the assigner or requester post this
> information
> to oss-security aswell or is the point that DWF is followed via GitHub with
> custom scripts? If someone makes a pull request to the item is the
> information
> populated to MITRE and NVD databases and how often?
>
> --
> Henri Salo
>



-- 

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ