[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: PHP MOPS-2010-56..60
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-08-25 14:22:57
Message-ID: 1207142256.261621282746177336.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

Please use CVE-2010-2950

Thanks.

-- 
    JB


----- "Steven M. Christey" <coley@linus.mitre.org> wrote:

> On Tue, 24 Aug 2010, Tomas Hoger wrote:
> 
> > Standard practice is to use new CVE.  As all 5 phar MOPS were
> covered
> > under single CVE, and not all of them were fixed in 5.3.3, I'd
> expect a
> > new "incomplete fix" CVE.
> 
> That's appropriate in this case.  I'll let Josh assign a CVE to avoid
> the 
> possibility of dupes.
> 
> General practice (subject to modification on a case-by-case basis)
> is:
> 
> - issue was never fixed and never claimed to be fixed: use original
> CVE
>    (probably triggers an update to description for affected versions)
> 
> - issue was claimed fixed but the fix was incomplete: use new CVE
> 
> - issue was never fixed but claimed to be fixed: ??? (it's happened a
> few
>    times)
> 
> 
> 
> - Steve
[prev in list] [next in list] [prev in thread] [next in thread]