[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request -- Apache CouchDB v.0.11.0 -- timing
From: Alex Legler <a3li () gentoo ! org>
Date: 2010-03-31 18:39:10
Message-ID: 20100331203910.361e13b6 () mail ! a3li ! li
[Download RAW message or body]
Hi,
On Wed, 31 Mar 2010 19:26:38 +0200, Jan Lieskovsky
<jlieskov@redhat.com> wrote:
>
> [1] references CVE-2008-2370 as CVE id, but CVE-2008-2370 is Apache
> Tomcat flaw: [6]
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
>
> Since Apache CouchDB is different code base, susceptible to the same
> issue as in [3], assuming new CVE identifier is required.
>
Jan already posted a follow-up
(http://seclists.org/fulldisclosure/2010/Mar/554) to his message with
an updated ID: CVE-2010-0009
Alex
--
Alex Legler | Gentoo Security / Ruby
a3li@gentoo.org | a3li@jabber.ccc.de
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic