Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 4 Apr 2013 16:32:56 +0000
From: "Christey, Steven M." <>
To: "" <>
Subject: RE: Confused with Drupal CVEs


While SA-CONTRIB-2013-001 listed only one CVE, CVE-2013-0181, there were two vulnerabilities that were found by different researchers.  While they were originally merged into a single CVE (same vulnerability type), we also have guidelines that SPLIT issues into different groups if they are found by different researchers.  So, the MITRE team SPLIT these CVEs accordingly, after the initial erroneous assignment.  We listed as a reference for the new/split CVE-2013-2715 because this was effectively where the vulnerability was more widely disclosed.

- Steve

>-----Original Message-----
>From: Henri Salo []
>Sent: Thursday, April 04, 2013 2:58 AM
>Subject: [oss-security] Confused with Drupal CVEs
>SA-CONTRIB-2013-001 CVE-2013-0181
>Why does
>link to
>Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.