'[oss-security] Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android
From:       cve-assign () mitre ! org
Date:       2015-11-23 7:59:50
Message-ID: 20151123075950.3224E6C0934 () smtpvmsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

>> CVE-2015-5257: Weak Randomization of BridgeSecret for Apache Cordova Android

> Is there a typo here? CVE-2015-5257 was already assigned for an issue
> in drivers/usb/serial/whiteheat.c in the Linux kernel. see
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257

The outcome here is that this BridgeSecret vulnerability is now known
as CVE-2015-8320, not CVE-2015-5257. (Nobody working on Cordova was
involved in any typo or misuse of a CVE ID; however, that does not
change the outcome.) CVE-2015-5256 is unaffected by this event.

For additional details, see some or all of the following URLs
later today or tomorrow:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257

  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5256
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5256

  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8320
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8320

  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5275
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5275

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWUsYoAAoJEL54rhJi8gl5ymkQAJftRBBnk52E/5xni8vgGSBR
Ar0ihQ2/SwiTh4cu/N2FvxPWtdw1G+xHsFyiknW3tDlUJhVy04HJ23gYf5AJTXn6
31yL1mPZz+AsM87sCupr9lqKzS+/HBbuVBPzz+Zs8Vb4pQYiuz/8Z0yCD4HR6iH8
OGLf9K+mZ07TqyaZkI8a23PjX5BaYqRxNR+vRsRNVuiFTiPq86++mrMUm+AUTNMJ
I1MyOZITMTCdITonmWIZj2XaFjyRZNd285bf/UqSirYAatinyuptEBlgHmgefYyU
UT/hYMnwiE6ajP5Ep8wbWBEmGqq22LFpaEVAkcTg3kFHxnYV/vt3Wt7l33yLPDwL
Gl3sQ71Njf681afx31ztv9CY+No2GTUtUjpUw074d/8SrIj0VWi+uzxNKtHtNaPR
jCfYVWWdbWm7wOfxjRk4O6F0SLh1fnkeVlHUpLTFJ/+j6j3c5BYrnTDL87+Uv/Bc
5WPjQ9xvctATout0bKszsgL70nOpSBYaFhct9wX5cdPgKiWB9upjW0nM25EMPK42
EE4Q2bgeDGGLfUubn//NSR33zI9OrglQNn9VeY9BrvyvKZ97nS2YRs5ZvTpY6miu
YjOe+NTzr0NcurMOVg/8Jx17UNVcbawd8lg0fA7AUqIzIMoJgI6k6MF+sIipfhj0
oEUUJNT0CzLYuIhkEB5n
=MJhw
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic