Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 14 Jan 2011 18:01:58 +0100
From: Moritz Mühlenhoff <jmm@...til.org>
To: oss-security@...ts.openwall.com, coley@...re.org
Subject: Re: CVE requests: ftpls, xdigger, lbreakout2,
 calibre, typo3

On Wed, Jan 12, 2011 at 10:48:06PM -0600, Raphael Geissert wrote:
> Hi,
> 
> Could CVE ids be assigned for the following issues? Thanks in advance.
> 
> There are more issues without ids, will request them later.

We're still missing CVE assignments for several issues from 2009.
These have been requested on oss-security before, but couldn't be 
processed by Josh/Red Hat, since RH doesn't have 2009 IDs. As such, 
they need to be handled by MITRE:

1. Overkill (this should be a CVE-2009 ID)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549310

2. Emacs mode for reStructuredText (from DocUtils) (this should be a CVE-2009 ID)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560755

3. FireGPG (this should be a CVE-2008 ID)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386
http://securityvulns.com/Udocument757.html

4. Burn (Homepage: http://www.bigpaul.org/burn/) (That's a CVE-2009 ID)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542329

5. pdfroff (from GNU groff) (That's a CVE-2009 ID)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff

6. Jetty (That's a CVE-2009 ID)
http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

7. Konversation (That's a CVE-2009 ID)
http://bugs.kde.org/show_bug.cgi?id=219985

Cheers,
        Moritz

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.