Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 30 Aug 2017 02:48:24 +0000
From: winsonliu(刘科) <winsonliu@...cent.com>
To: Vladis Dronov <vdronov@...hat.com>, "oss-security@...ts.openwall.com"
	<oss-security@...ts.openwall.com>, Alan Coopersmith
	<alan.coopersmith@...cle.com>
CC: cve-assign <cve-assign@...re.org>
Subject: RE: CVE Request: Multiple security issues in OpenJPEG

Hello,

I've already submitted these issues to https://cveform.mitre.org/ . As expected, four CVE numbers will be assigned since some of them have the same root cause.

Regards,
Ke

-----Original Message-----
From: winsonliu
Sent: 2017年8月25日 20:16
To: 'Vladis Dronov' <vdronov@...hat.com>; 'oss-security@...ts.openwall.com' <oss-security@...ts.openwall.com>; 'Alan Coopersmith' <alan.coopersmith@...cle.com>
Cc: 'cve-assign' <cve-assign@...re.org>
Subject: RE: [oss-security] CVE Request: Multiple security issues in OpenJPEG

Hello,

I'll submit them to cveform next week. And I'll update this thread when more information is available.

Regards,
Ke

-----Original Message-----
From: winsonliu 
Sent: 2017年8月24日 9:26
To: 'Vladis Dronov' <vdronov@...hat.com>; oss-security@...ts.openwall.com; 'Alan Coopersmith' <alan.coopersmith@...cle.com>
Cc: cve-assign <cve-assign@...re.org>
Subject: RE: [oss-security] CVE Request: Multiple security issues in OpenJPEG

I'm afraid no CVEs were assigned. At least I did not submit these issues to https://cveform.mitre.org/ 

Regards,
Ke

-----Original Message-----
From: Vladis Dronov [mailto:vdronov@...hat.com] 
Sent: 2017年8月23日 19:53
To: oss-security@...ts.openwall.com
Cc: winsonliu <winsonliu@...cent.com>; cve-assign <cve-assign@...re.org>
Subject: Re: [oss-security] CVE Request: Multiple security issues inOpenJPEG(Internet mail)

> Most of these seem to be fixed now in OpenJPEG's recent 2.2.0 release.
> Did CVE id's ever get assigned for them?

If no one reported them and requested CVE-ids via https://cveform.mitre.org/ then I suppose not, no CVE-ids were assigned.

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ