[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- Apache CouchDB v.0.11.0 -- timing
From:       Alex Legler <a3li () gentoo ! org>
Date:       2010-03-31 18:39:10
Message-ID: 20100331203910.361e13b6 () mail ! a3li ! li
[Download RAW message or body]


Hi,

On Wed, 31 Mar 2010 19:26:38 +0200, Jan Lieskovsky
<jlieskov@redhat.com> wrote:

> 
> [1] references CVE-2008-2370 as CVE id, but CVE-2008-2370 is Apache
> Tomcat flaw: [6]
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
> 
> Since Apache CouchDB is different code base, susceptible to the same
> issue as in [3], assuming new CVE identifier is required.
> 

Jan already posted a follow-up
(http://seclists.org/fulldisclosure/2010/Mar/554) to his message with
an updated ID: CVE-2010-0009

Alex

-- 
Alex Legler | Gentoo Security / Ruby
a3li@gentoo.org | a3li@jabber.ccc.de

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]