Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 04 Mar 2012 20:19:14 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Moritz Mühlenhoff <jmm@...til.org>,
        Debian Security Team <security@...ian.org>
Subject: Re: CVE request: notmuch

On 03/04/2012 11:50 AM, Moritz Mühlenhoff wrote:
> Hi,
> please assign a CVE for this issue in "notmuch" (fixed in DSA 2416):
> http://lists.debian.org/debian-security-announce/2012/msg00044.html
> 
> Fix:
> http://git.notmuchmail.org/git/notmuch/commit/ae438ccd8c77831158c7c30f19710d798ee4a6b4
> 
> Cheers,
>         Moritz

Please use CVE-2012-1103 for this issue.

Potentially stupid Q, why no CVE request from Debian? I'm happy to
assign them, especially for stuff that qualifies for a DSA, it will
almost certainly qualify for a CVE. If you need one for an embargoed
issue please email the OpenWall vs list
(http://oss-security.openwall.org/wiki/mailing-lists/distros) and I can
assign it there.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.