Date: Wed, 4 Jan 2012 13:02:26 -0700 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Cc: krahmer@...e.de, cve-assign@...re.org, Mark Thomas <markt@...che.org> Subject: Re: Re: CVE-2011-4858 confusion * [2012-01-04 09:50:48 -0500] cve-assign@...re.org wrote: >MITRE is still working on this. Our current perspective is that >CVE-2011-4084 is one vulnerability that was confirmed by the upstream >vendor, and CVE-2011-4858 is a different vulnerability that was not >confirmed by the upstream vendor. There are apparently related test >cases and test results that are not yet public. We received an email from upstream Tomcat asking us to make that change. CVE-2011-4858 is the CVE for the hash collision issue. I'm cc'ing Mark who made the original request to us. Mark, could you please clarify? Thanks. -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.