Date: Sat, 08 Mar 2008 16:12:15 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>, tss@....fi
Subject: Re: CVE? CCE? dovecot setting is often used incorrectly

* Jonathan Smith:

> I've been trying to figure out what to do with this one. I'm not
> inclined to believe it deserves a CVE given that it is configuration
> (either dovecot config or filesystem permissions configuration). I read
> once on mitre.org about "Common Configuration Enumeration" aka "CCE"
> issues, but I've never seen them actually used. Maybe this is a good
> candidate?

Debian will release a security update with a patch, so we need a CVE
anyway. We might use one from our pool (after all, it's an interplay
between our default MTA and Dovecot, and may not be very widespread), or
we might reference a generic one. I don't know which one is better.