Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 03 Dec 2013 21:50:31 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: oss-security@...ts.openwall.com, kseifried@...hat.com
Subject: Duplicate OpenStack CVEs for Horizon?


Hi,

I was looking at https://bugs.launchpad.net/ossa/+bug/1247675 and it looks like
upstream Horizon got CVE-2013-6406 assigned (referenced in the bug).

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730752 also references this
Launchpad bug, but does not reference a CVE.

Secunia http://secunia.com/advisories/55770 references CVE-2013-6406.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6858 references the
Launchpad bug and the Secunia advisory, but has a different CVE. The only
reference I found to CVE-2013-6858 was the RedHat bug.

Is CVE-2013-6858 simply a duplicate of CVE-2013-6406 or were these supposed to
be split out for some reason?

Thanks

-- 
Jamie Strandboge                 http://www.ubuntu.com/


Download attachment "signature.asc" of type "application/pgp-signature" (902 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.