List: oss-security
Subject: Re: [oss-security] Qt SSL endless loop
From: Vincent Danen <vdanen () redhat ! com>
Date: 2010-08-20 21:30:30
Message-ID: 20100820213030.GT3357 () redhat ! com
* [2010-08-20 16:56:02 -0400] Steven M. Christey wrote:

>Just to close this up. I have actually preserved CVE-2010-2621 and
>have marked CVE-2010-2533 as a duplicate, which is contrary to what
>Vincent said.

Bah, just re-read the below thing and you're entirely right, and this
was what I meant (looking at our bug, we never used 2533, and left 2621
as it was). My intention was to note the newly _assigned_ one as a dupe
and I was apparently concentrating on the larger number when I wrote the
response.

Sorry about that, that probably created a healthy dose of confusion.

>MITRE is ultimately the authority on which CVE should be rejected
>when duplicates arise. See
>http://cve.mitre.org/cve/editorial_policies/duplicates.html for the
>criteria that I generally follow (every once in a while, a behemoth
>"authoritative source" wins, though generally there is an expectation
>that their ID will become more ubiquitous in the future anyway.)

No problem at all. Thanks for the clarification here, Steve.

>On Mon, 19 Jul 2010, Vincent Danen wrote:
>
>>* [2010-07-19 10:49:36 +0200] Ludwig Nussel wrote:
>>
>>>Vincent Danen wrote:
>>>>* [2010-07-16 11:19:09 -0400] Josh Bressers wrote:
>>>>
>>>>>Please use CVE-2010-2533
>>>>
>>>>Wasn't this already assigned CVE-2010-2621?
>>>>
>>>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2621
>>>>
>>>>It links to the same advisory (qtsslame-adv.txt) and that only seems to
>>>>be reporting one single problem.
>>>
>>>Oops, indeed. We've overlooked that assignment. Sorry for the confusion :-/
>>
>>No problem. We need to discard the new one then (discard CVE-2010-2621
>>as a dupe of CVE-2010-2533).
--
Vincent Danen / Red Hat Security Response Team