Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 08 Mar 2008 16:12:15 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>,  tss@....fi
Subject: Re: CVE? CCE? dovecot setting is often used incorrectly

* Jonathan Smith:

> I've been trying to figure out what to do with this one. I'm not
> inclined to believe it deserves a CVE given that it is configuration
> (either dovecot config or filesystem permissions configuration). I read
> once on mitre.org about "Common Configuration Enumeration" aka "CCE"
> issues, but I've never seen them actually used. Maybe this is a good
> candidate?

Debian will release a security update with a patch, so we need a CVE
anyway.  We might use one from our pool (after all, it's an interplay
between our default MTA and Dovecot, and may not be very widespread), or
we might reference a generic one.  I don't know which one is better.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.