'Re: [oss-security] CVE Request -- expat [was: Re: Regarding expat'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- expat [was: Re: Regarding expat
From:       Mark J Cox <mjc () redhat ! com>
Date:       2009-10-28 11:43:26
Message-ID: 0910281142590.6938 () mjc ! redhat ! com
[Download RAW message or body]

>> Based on the above -^ I would vote for separate CVE identifier for expat
>> flaw
>> (and its embedded copies in dozen of packages):
>>
>> https://bugs.gentoo.org/show_bug.cgi?id=280615#c8
>> https://bugs.gentoo.org/show_bug.cgi?id=280615#c10
>
> As far as we understand, the expat flaw in question is in no way related
> to CVE-2009-2625, or other recent XML parser flaws. Therefore our take
> is that it should have a distinct CVE entry.

So use CVE-2009-3720 for this

Mark
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic