
List:       oss-security
Subject:    [oss-security] Typo in description of CVE-2011-2708 and CVE-2011-4331? [was: Re:
From:       Jan Lieskovsky <jlieskov () redhat ! com>
Date:       2011-11-23 11:45:08
Message-ID: 4ECCDCC4.4090700 () redhat ! com

Hello Steve,

   thank you for the clarification on this.

But according to the latest CVE-2011-2708 and CVE-2011-4331 description 
assignment, there seems to be a typo (rounded / cycled definition of both):

======================================================
Name: CVE-2011-2708
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2708
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20110711
Category:

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2708. Reason:
This candidate is a duplicate of CVE-2011-2708. Notes: All CVE users
should reference CVE-2011-2708 instead of this candidate. All
references and descriptions in this candidate have been removed to
prevent accidental usage.

This one should mention 'CVE-2011-2710' in the body (based on the
reply below).

======================================================
Name: CVE-2011-4331
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4331
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20111104
Category:

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4331. Reason:
This candidate is a duplicate of CVE-2011-4331. Notes: All CVE users
should reference CVE-2011-4331 instead of this candidate. All
references and descriptions in this candidate have been removed to
prevent accidental usage.

This one should use "CVE-2011-4110" in the body, based on:
http://seclists.org/oss-sec/2011/q4/378

Could you correct these two yet? (not a big deal, just wanted to
point out those two so that they are described correctly, even when being
duplicates).

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

On 11/23/2011 04:30 AM, Steven M. Christey wrote:
>
> Let's keep CVE-2011-2710 and we will reject CVE-2011-2708. Henri, I'm
> sorry about the lack of response :-(
>
> - Steve
>
>
> On Mon, 21 Nov 2011, Kurt Seifried wrote:
>
>>
>>> CVE-2011-2708 and CVE-2011-2710 are both about 20110701 XSS
>>> vulnerability:
>>> http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html
>>> and I have already contacted MITRE twice to get another one marked as
>>> obsolete.
>>>
>>>
>>> Best regards,
>>> Henri Salo
>>
>> Ok CVE-2011-2710 is public in CVE and NVD:
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2710, and
>> CVE-2011-2708 is still marked as reserved so we should probably quietly
>> take CVE-2011-2708 out back and shoot it.
>>
>> CC'ing mitre.
>>
>> --
>>
>> -Kurt Seifried / Red Hat Security Response Team
>>
>>
