Date: Sun, 22 Dec 2013 21:36:43 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE REJECTS

On 12/22/2013 03:42 AM, Solar Designer wrote:
> Kurt, all -
>
> On Wed, Dec 18, 2013 at 11:29:23PM -0700, Kurt Seifried wrote:
>> CVE-2013-4403 - turns out CVE-2013-4404 covered the issue, no
>> need for 4403.
>>
>> CVE-2013-4418 - turns out to be security hardening, not a
>> security flaw, just like CVE-2013-4417
>
> While I greatly appreciate your work on CVE assignments, I'd
> appreciate it if you and others include at least project names and
> preferably also vulnerability types and/or brief descriptions along
> with CVE IDs in postings such as the above. That would make them a
> lot more useful to

Uhmm but they aren't security issues, they are mistakes (usually
either duplicate or issues that turn out not to be a security
vulnerability). As well, some of these issues (in this case both I
think) are still under embargo/not public so I can't always release
details when they are being publicly rejected.

> those of us who are not focused on CVE as much, but may
> nevertheless be interested in findings about the actual security
> issues. We're unlikely to go and look up each CVE ID mentioned
> without detail just in case it's relevant to our projects.

This part I don't really understand. If you want to see what security
related bugs Red Hat products have you can simply search our BZ for
products and look for the keyword "Security". Not clear what looking
up CVEs that have been rejected due to errors/etc. has to do with this?

> Thanks,
>
> Alexander
>

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993