[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] znc id: CVE-2010-2448 or CVE-2010-2488?
From:       Raphael Geissert <geissert () debian ! org>
Date:       2010-07-14 0:12:17
Message-ID: i1ivcp$oc6$1 () dough ! gmane ! org
[Download RAW message or body]

Hi,

Some weeks ago I requested an id for a null pointer dereference in ZNC.
Josh assigned CVE-2010-24*8*8.

Because of a typo, the CVE id referenced in the DSA I released was 
CVE-2010-24*4*8 [1] (previously assigned by Steven to a gitolite issue, 
SA39587.) I updated our tracker as soon as I noticed the typo.

However, in the last batch of CVE updates, the znc issue appeared with the 
incorrect id (i.e. CVE-2010-24*4*8.)

VUPEN and SecurityFocus already picked up the wrong id.

How should we proceed?

I would like to apologise for the inconvenience.

[1]http://www.openwall.com/lists/oss-security/2010/06/24/5

Kind regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


[prev in list] [next in list] [prev in thread] [next in thread]