Date: Wed, 31 Jul 2013 10:33:09 +0200 From: Raphael Geissert <geissert@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: Insecure Software Download in pip On 31 July 2013 10:11, Kurt Seifried <kseifried@...hat.com> wrote: > On 07/30/2013 12:44 PM, Donald Stufft wrote: >> There was a CVE for pip not verifying TLS, >> https://access.redhat.com/security/cve/CVE-2013-1629 However that >> says it was RESERVED so I'm not sure how to make that unreserved? >> I've not done much with requesting CVEs before. > > Ok I have no info on that CVE, is it embargoed? I can't find it in > google after a quick search. I need to see that one before I can > assign anything. >From the bugzilla info: "source=debian", and looking at our tracker: https://security-tracker.debian.org/tracker/CVE-2013-1629 points to: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710163 I don't know who assigned the id, however. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.