Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 29 Jul 2011 10:34:16 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE mistake in libsoup release notes

Upstream mistakenly used the wrong CVE name in the recent libsoup
releases.  They should have used CVE-2011-2524, but used CVE-2011-2054
instead.

I don't know who's pool CVE-2011-2054 might be in, but I would recommend
rejecting that CVE name and duping it against CVE-2011-2524.

I've seen both Gentoo and Novell reference the wrong CVE name in
bugzilla entries, so I thought I should bring this up.

See:

https://bugzilla.redhat.com/show_bug.cgi?id=720509#c15 and it's
follow-up comment from upstream (they've made the appropriate changes in
git now to reflect the correct CVE name).

So CVE-2011-2524 is the correct CVE, and CVE-2011-2054 is the _wrong_
CVE.

Thanks.

-- 
Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.