oss-sec mailing list archives

Re: CVE id request: newsbeuter

From: Nico Golde <oss-security+ml () ngolde de>
Date: Thu, 4 Sep 2008 19:32:03 +0200

Hi Steve,
* Steven M. Christey <coley () linus mitre org> [2008-09-04 19:12]:

On Thu, 4 Sep 2008, Nico Golde wrote:

Please use version 1.2 here as the fix for 1.1 was
incomplete.


Our interpretation was that 1.1 fixes the vulnerability, but a
non-security bug forced the release of 1.2.  So 1.1, while perhaps
unusable in practice, was safe from the vuln.

Was that an incorrect interpretation?


Yes that is correct.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

CVE id request: newsbeuter Nico Golde (Sep 01)
- Re: CVE id request: newsbeuter Nico Golde (Sep 02)
- Re: CVE id request: newsbeuter Steven M. Christey (Sep 04)
  - Re: CVE id request: newsbeuter Nico Golde (Sep 04)
    - Re: CVE id request: newsbeuter Steven M. Christey (Sep 04)
    - Re: CVE id request: newsbeuter Nico Golde (Sep 04)