Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 23 Dec 2020 17:58:28 +0100
From: Fabian Keil <freebsd-listen@...iankeil.de>
To: oss-security@...ts.openwall.com
Subject: CVE request experience (was: Multiple memory leaks fixed in Privoxy
 3.0.29 stable)

Fabian Keil <freebsd-listen@...iankeil.de> wrote on 2020-11-29:

>                Announcing Privoxy 3.0.29 stable
[...]
> - Security/Reliability:
>   - Fixed memory leaks when a response is buffered and the buffer
>     limit is reached or Privoxy is running out of memory.
>     Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.

I tried to get a CVE for OVE-20201118-0001 by using the
"new" form at https://cveform.mitre.org/ on 2020-11-18 but
was told by MITRE that "the reported vulnerabilities would
fall in the scope of Red Hat for assignment" and that their
mail should be forwarded to secalert@...hat.com.

I did that on 2020-11-18 using the OpenPGP key recommended at:
https://access.redhat.com/security/team/contact

On 2020-11-23 I received a response from Red Hat claiming
that my e-mail had "no body".

The same day I replied with an unencrypted mail explaining
that the previous mail was OpenPGP-encrypted and asked whether
that was still supported.

As a result I was informed that "INC1525130" "has been resolved".

As of today I still haven't received a CVE and thus did
not bother to request CVEs for the other issues fixed in
Privoxy 3.0.29 ...

Fabian

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.