Date: Mon, 28 May 2012 10:43:45 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org>, Mitre CVE assign department <cve-assign@...re.org> CC: oss-security@...ts.openwall.com Subject: Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue Hello Steve, vendors, previously the CVE identifier of CVE-2012-2391 has been assigned to the following issue:  http://www.openwall.com/lists/oss-security/2012/05/23/12  http://www.openwall.com/lists/oss-security/2012/05/23/15 Today when checking CVE new mail, noticed the CVE-2012-2942 yet: ====================================================== Name: CVE-2012-2942 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2942 [Open URL] Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20120527 Category: Reference: CONFIRM:http://haproxy.1wt.eu/#news [Open URL] Reference: CONFIRM:http://haproxy.1wt.eu/download/1.4/src/CHANGELOG [Open URL] Reference: CONFIRM:http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b [Open URL] Reference: BID:53647 Reference: URL:http://www.securityfocus.com/bid/53647 [Open URL] Reference: SECUNIA:49261 Reference: URL:http://secunia.com/advisories/49261 [Open URL] Reference: XF:haproxy-trash-bo(75777) Reference: URL:http://xforce.iss.net/xforce/xfdb/75777 [Open URL] Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. Both of these are referring to the same issue. Steve, CVE-assign could you clarify which CVE id should be kept and which one should be rejected as duplicate? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.