Date: Wed, 14 Sep 2016 11:03:34 +0200 From: Anonymous <dregad@...tisbt.org> To: oss-security@...ts.openwall.com Subject: Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Andreas Stieger <astieger@...e.com> wrote: Hi Andreas Many thanks for your reply. > I noticed that in your original e-mail to this list, you did not cc > cve-assign. That's true, but I never did in the past, as this mailing list is (or was?) monitored by mitre, so posting here has been sufficient until now. Furthermore in this case I was not quite certain that a CVE was actually required for this, so I was kind of hoping for guidance. > Also note that there are new procedures, including a request > form, in addition to the previous recommendation to contact a CNA > https://cve.mitre.org/cve/request_id.html I was not aware of that, thanks for the heads up. Will follow these guidelines and use the form in the future. Cheers Damien
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.