Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 19 Dec 2014 18:19:10 +0000
From: "Christey, Steven M." <coley@...re.org>
To: Reed Loden <reed@...dloden.com>, "oss-security@...ts.openwall.com"
	<oss-security@...ts.openwall.com>
CC: Assign a CVE Identifier <cve-assign@...re.org>
Subject: RE: request for CVEs for git clients

Just a quick note, since there has been some confusion or question about whether additional identifiers are necessary for other git clients.

If a client uses an "official" git library and inherits the vulnerability from that code, then CVE-2014-9390 is appropriate based on shared libraries / codebases.

If there are other git clients that work with the git "protocol" but contain independently-written code (i.e. a separate implementation), and those clients are vulnerable, then each implementation should receive its own ID.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.