List: oss-security
Subject: Re: [oss-security] Numerous unconfirmed FOSS CVEs disclosed on FD mailing list
From: Christian Brabandt <cb () 256bit ! org>
Date: 2024-01-28 21:24:18
Message-ID: ZbbGAnbaKYLONs8g () 256bit ! org
On Sat, 27 Jan 2024, Matthew Fernandez wrote:
> On 1/27/24 08:53, Alan Coopersmith wrote:
> > While I can't speak for all the projects involved, I can speak for the
> > X.Org maintainers & security team, and I can say that we were not
> > consulted or informed about this CVE filing - if I wasn't on the FD
> > mailing list, I wouldn't even know it had happened. The CNA responsible
> > has not yet published the CVE to the CVE database yet, so we can't yet
> > file a dispute, but once they do, I plan to request that they withdraw
> > CVE-2023-45916 for xedit, as there is no security boundary crossed here
> > and the bug doesn't allow someone to do anything they otherwise couldn't.
>
> We (the Graphviz maintainers) were also not consulted/informed. Though we do
> not plan to contest the CVE.
Same here for Vim. I wasn't aware of this and don't think it's a
security issue per se of Vim.
Thanks,
Christian
--
In fact, in truth, reality often deviates from actuality.