
List:       oss-security
Subject:    Re: [oss-security] Numerous unconfirmed FOSS CVEs disclosed on FD mailing list
From:       Christian Brabandt <cb () 256bit ! org>
Date:       2024-01-28 21:24:18
Message-ID: ZbbGAnbaKYLONs8g () 256bit ! org


On Sat, 27 Jan 2024, Matthew Fernandez wrote:

> On 1/27/24 08:53, Alan Coopersmith wrote:
> > While I can't speak for all the projects involved, I can speak for the
> > X.Org maintainers & security team, and I can say that we were not
> > consulted or informed about this CVE filing - if I wasn't on the FD
> > mailing list, I wouldn't even know it had happened.   The CNA responsible
> > has not yet published the CVE to the CVE database yet, so we can't yet
> > file a dispute, but once they do, I plan to request that they withdraw
> > CVE-2023-45916 for xedit, as there is no security boundary crossed here
> > and the bug doesn't allow someone to do anything they otherwise couldn't.
> 
> We (the Graphviz maintainers) were also not consulted/informed. Though we do
> not plan to contest the CVE.

Same here for Vim. I wasn't aware of this and don't think it's a 
security issue per se of Vim.

Thanks,
Christian
-- 
In fact, in truth, reality often deviates from actuality.