[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: PHP MOPS-2010-56..60
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-08-25 14:22:57
Message-ID: 1207142256.261621282746177336.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
Please use CVE-2010-2950
Thanks.
--
JB
----- "Steven M. Christey" <coley@linus.mitre.org> wrote:
> On Tue, 24 Aug 2010, Tomas Hoger wrote:
>
> > Standard practice is to use new CVE. As all 5 phar MOPS were
> covered
> > under single CVE, and not all of them were fixed in 5.3.3, I'd
> expect a
> > new "incomplete fix" CVE.
>
> That's appropriate in this case. I'll let Josh assign a CVE to avoid
> the
> possibility of dupes.
>
> General practice (subject to modification on a case-by-case basis)
> is:
>
> - issue was never fixed and never claimed to be fixed: use original
> CVE
> (probably triggers an update to description for affected versions)
>
> - issue was claimed fixed but the fix was incomplete: use new CVE
>
> - issue was never fixed but claimed to be fixed: ??? (it's happened a
> few
> times)
>
>
>
> - Steve
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic