Date: Mon, 18 Apr 2016 13:15:51 -0400 From: Randy Barlow <rbarlow@...hat.com> To: cve-assign@...re.org Cc: oss-security@...ts.openwall.com Subject: Re: CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users On Mon, Apr 18, 2016 at 11:11:35AM -0400, cve-assign@...re.org wrote: > Use CVE-2013-7450. Thank you! I forgot to credit Sander Bos in my initial e-mail for bringing the lack of CVE for this issue to my attention. > (We're interpreting this as a request from the Pulp upstream vendor. > In general, it would be hard for a third party to determine whether a > "tiny paragraph" was generally recognized as a required part of the > installation process.) That's correct, I am a core contributor to the Pulp project. -- Randy Barlow irc: bowlofeggs Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.