Date: Sun, 14 Nov 2010 10:05:07 -0500 From: Marc Deslauriers <marc.deslauriers@...onical.com> To: oss-security@...ts.openwall.com Cc: Bill Janssen <bill.janssen@...il.com>, Andreas Hasenack <ahasenack@...ra.com.br>, Mads Kiilerich <mads@...lerich.com>, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly On Mon, 2010-10-11 at 15:48 -0400, Josh Bressers wrote: > Steve, > > Can I defer this one to MITRE? My initial thought is that python should get > the ID, but they seem to want to push it up to the application developers, > but they also added some functionality in > http://svn.python.org/view?view=rev&revision=85321 > > Is there a past precedent for this? > Has any decision been made regarding CVE assignment for this? I've found some more python applications that aren't validating ssl certs, and am waiting to know how this is going to be handled. Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.