Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 23 Dec 2020 11:24:31 -0700
From: Nick Tait <ntait@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request experience (was: Multiple memory leaks
 fixed in Privoxy 3.0.29 stable)

That is a rather poor experience Fabian, sorry! Took a look at that
incident number and no encrypted message appears on our end. I believe you
did actually send a message but not sure what went wrong. While I can't
directly help, did request the appropriate people follow up with you.

Nick Tait

He / Him / His 🏳️‍🌈

Product Security Engineer - OpenStack

Red Hat
<https://www.redhat.com>

secalert@...hat.com for urgent response
<https://www.redhat.com>

IM: nickthetait

If I am replying on an unusual time or day it is because I am working an
adjusted schedule. No pressure to reply immediately, wait until your normal
working hours.
<https://www.redhat.com>


On Wed, Dec 23, 2020 at 10:20 AM Fabian Keil <freebsd-listen@...iankeil.de>
wrote:

> Fabian Keil <freebsd-listen@...iankeil.de> wrote on 2020-11-29:
>
> >                Announcing Privoxy 3.0.29 stable
> [...]
> > - Security/Reliability:
> >   - Fixed memory leaks when a response is buffered and the buffer
> >     limit is reached or Privoxy is running out of memory.
> >     Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
>
> I tried to get a CVE for OVE-20201118-0001 by using the
> "new" form at https://cveform.mitre.org/ on 2020-11-18 but
> was told by MITRE that "the reported vulnerabilities would
> fall in the scope of Red Hat for assignment" and that their
> mail should be forwarded to secalert@...hat.com.
>
> I did that on 2020-11-18 using the OpenPGP key recommended at:
> https://access.redhat.com/security/team/contact
>
> On 2020-11-23 I received a response from Red Hat claiming
> that my e-mail had "no body".
>
> The same day I replied with an unencrypted mail explaining
> that the previous mail was OpenPGP-encrypted and asked whether
> that was still supported.
>
> As a result I was informed that "INC1525130" "has been resolved".
>
> As of today I still haven't received a CVE and thus did
> not bother to request CVEs for the other issues fixed in
> Privoxy 3.0.29 ...
>
> Fabian
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.