Date: Thu, 16 May 2013 12:35:40 -0700 From: Russ Allbery <rra@...ian.org> To: Salvatore Bonaccorso <carnil@...ian.org> Cc: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: Re: CVE Request: WebAuth: Authentication credential disclosure Salvatore Bonaccorso <carnil@...ian.org> writes: > Could a CVE be assigned for this issue in WebAuth (Cc'ing Russ > Allbery): Ack, sorry, I considered asking for a CVE and then decided not to since I wasn't sure anyone would really care given the limited deployment of the affected code. That was probably the wrong decision, particularly based on Kurt's comments yesterday, so I probably should have gone ahead and done it and included it in the advisory. I'm happy to include a CVE in the advisory and in the Debian experimental changelog going forward. -- Russ Allbery (rra@...ian.org) <http://www.eyrie.org/~eagle/>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.