Date: Mon, 26 Oct 2009 16:40:05 +0200
From: CERT-FI Vulnerability Co-ordination <vulncoord@...ora.fi>
To: oss-security <oss-security@...ts.openwall.com>
CC: "Steven M. Christey" <coley@...us.mitre.org>, 
 Josh Bressers <bressers@...hat.com>,
 Joe Orton <jorton@...hat.com>, Ondrej Vasik <ovasik@...hat.com>, 
 Roman Rakus <rrakus@...hat.com>,
 CERT-FI Vulnerability Co-ordination <vulncoord@...ora.fi>
Subject: Re: CVE Request -- expat [was: Re: Regarding expat
 bug 1990430]


Hello all,

Jan Lieskovsky wrote:
> Based on the above -^ I would vote for a separate CVE identifier for the expat flaw
> (and its embedded copies in dozens of packages):
> 
> https://bugs.gentoo.org/show_bug.cgi?id=280615#c8
> https://bugs.gentoo.org/show_bug.cgi?id=280615#c10

As far as we understand, the expat flaw in question is in no way related
to CVE-2009-2625, or other recent XML parser flaws. Therefore our take
is that it should have a distinct CVE entry.

-Jussi / CERT-FI
