
List:       oss-security
Subject:    [oss-security] Firefox: CVE-2011-3867 a dupe of CVE-2011-2998
From:       Moritz Muehlenhoff <jmm () debian ! org>
Date:       2011-09-30 5:46:32
Message-ID: 20110930054632.GA29071 () inutil ! org

Hi,
When http://www.mozilla.org/security/announce/2011/mfsa2011-37.html
went live it initially listed "CVE-2011-XXXX" as the CVE ID. However,
since it was obvious that CVE-2011-2998 was missing in the block of
Mozilla IDs I asked the Mozilla security group for confirmation if
MFSA 2011-37 is in fact CVE-2011-2998, which they confirmed and
fixed on the website later that day.

MITRE then seems to have assigned CVE-2011-3867 to this issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3867, which
links to the MFSA page, which itself mentions CVE-2011-2998.

Besides Debian, CVE-2011-2998 was also used by Red Hat:
https://rhn.redhat.com/errata/RHSA-2011-1341.html and since it's also 
mentioned on the Mozilla page my recommendation would be to reject 
CVE-2011-3867, before it gets used more widely.

Cheers,
        Moritz

