List: oss-security
Subject: Re: [oss-security] CVE already assigned for 1026891?
From: Vincent Danen <vdanen () redhat ! com>
Date: 2013-12-20 18:22:24
Message-ID: F98F00CB-1003-4424-955A-12C638E304BB () redhat ! com
On Dec 20, 2013, at 8:28 AM, Marcus Meissner <meissner@suse.de> wrote:
> On Wed, Dec 18, 2013 at 12:58:17PM -0700, Vincent Danen wrote:
> >
> > On Dec 18, 2013, at 12:43 PM, cve-assign@mitre.org wrote:
> >
> > > Signed PGP part
> > > http://www.openwall.com/lists/oss-security/2013/12/18/3 raises the
> > > question of whether there is a CVE assignment in
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1026891 already, in order
> > > to avoid a duplicate assignment. Our guess is that security issues
> > > tracked privately by Red Hat typically do have pre-assigned CVE IDs,
> > > so MITRE will delay a CVE assignment indefinitely.
> > >
> > > Although it would be great to know what CVE ID you have assigned,
> > > replying with something like "yes, it has a CVE ID, but it's only
> > > being shared with the embargo audience" would be quite useful as well.
> >
> > There is a CVE assigned to this, but based on what Sebastian wrote, I can’t tell if it’s
> > the same issue so I’m hesitant to say what the CVE is in case it does end up being
> > different.
> >
> > Sebastian, can you give me access to your bug? Or did you intend to make it public? I’m
> > assuming that since you are asking about a CVE here, you maybe did not mean to keep it
> > private? Your other message said your bug contained upstream URLs (so maybe even pasting
> > those here would be helpful).
> >
> > Once I can look at it, I can let you know for sure whether or not it is the same issue (and
> > should then use the same CVE).
>
> I have moved the bug to our Security Incidents product, so it should be visible now.
I see it. That should be CVE-2013-6418 as Murray had already indicated.
https://bugzilla.redhat.com/show_bug.cgi?id=1039801
--
Vincent Danen / Red Hat Security Response Team