oss-sec mailing list archives
Re: CVE request for oCERT advisory 2009-013 (yTNEF/Evolution TNEF)
From: Josh Bressers <bressers () redhat com>
Date: Fri, 6 Nov 2009 14:53:15 -0500 (EST)
----- "Steven M. Christey" <coley () linus mitre org> wrote:
On Wed, 28 Oct 2009, Mark J Cox wrote:I checked and oCERT don't have a name, so use CVE-2009-3721 for this.This advisory covers both buffer overflows and path traversal in the same data field. While these may stem from "input validation" (as many issues do), we would typically assign two separate CVE names, since the fix for a buffer overflow would not necessarily fix the path traversal (or vice versa). Unless there's some deeper reason for using a single CVE, I think we should assign separate CVEs here. If you agree Mark, we can use CVE-2009-3721 for the overflow, and you could assign a new CVE for the traversal.
Let's use CVE-2009-3887 for the traversal then. Thanks. -- JB
Current thread:
- CVE request for oCERT advisory 2009-013 (yTNEF/Evolution TNEF) Vincent Danen (Oct 27)
- Re: CVE request for oCERT advisory 2009-013 (yTNEF/Evolution TNEF) Mark J Cox (Oct 28)
- Re: CVE request for oCERT advisory 2009-013 (yTNEF/Evolution TNEF) Steven M. Christey (Nov 06)
- Re: CVE request for oCERT advisory 2009-013 (yTNEF/Evolution TNEF) Josh Bressers (Nov 06)
- Re: CVE request for oCERT advisory 2009-013 (yTNEF/Evolution TNEF) Steven M. Christey (Nov 06)
- Re: CVE request for oCERT advisory 2009-013 (yTNEF/Evolution TNEF) Mark J Cox (Oct 28)