Date: Fri, 29 Jul 2011 10:34:16 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE mistake in libsoup release notes

Upstream mistakenly used the wrong CVE name in the recent libsoup releases. They should have used CVE-2011-2524, but used CVE-2011-2054 instead. I don't know whose pool CVE-2011-2054 might be in, but I would recommend rejecting that CVE name and duping it against CVE-2011-2524.

I've seen both Gentoo and Novell reference the wrong CVE name in bugzilla entries, so I thought I should bring this up.

See:

https://bugzilla.redhat.com/show_bug.cgi?id=720509#c15

and its follow-up comment from upstream (they've made the appropriate changes in git now to reflect the correct CVE name).

So CVE-2011-2524 is the correct CVE, and CVE-2011-2054 is the _wrong_ CVE.

Thanks.

--
Vincent Danen / Red Hat Security Response Team