Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <0910281142590.6938@mjc.redhat.com>
Date: Wed, 28 Oct 2009 11:43:26 +0000 (GMT)
From: Mark J Cox <mjc@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Josh Bressers <bressers@...hat.com>, Joe Orton <jorton@...hat.com>,
        Ondrej Vasik <ovasik@...hat.com>, Roman Rakus <rrakus@...hat.com>,
        CERT-FI Vulnerability Co-ordination <vulncoord@...ora.fi>
Subject: Re: CVE Request -- expat [was: Re: Regarding expat
 bug 1990430]

>> Based on the above -^ I would vote for separate CVE identifier for expat
>> flaw
>> (and its embedded copies in dozen of packages):
>>
>> https://bugs.gentoo.org/show_bug.cgi?id=280615#c8
>> https://bugs.gentoo.org/show_bug.cgi?id=280615#c10
>
> As far as we understand, the expat flaw in question is in no way related
> to CVE-2009-2625, or other recent XML parser flaws. Therefore our take
> is that it should have a distinct CVE entry.

So use CVE-2009-3720 for this

Mark

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.