oss-sec mailing list archives
Re: CVE Request -- Apache CouchDB v.0.11.0 -- timing attacks flaw
From: Alex Legler <a3li () gentoo org>
Date: Wed, 31 Mar 2010 20:39:10 +0200
Hi, On Wed, 31 Mar 2010 19:26:38 +0200, Jan Lieskovsky <jlieskov () redhat com> wrote:
[1] references CVE-2008-2370 as CVE id, but CVE-2008-2370 is Apache Tomcat flaw: [6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 Since Apache CouchDB is different code base, susceptible to the same issue as in [3], assuming new CVE identifier is required.
Jan already posted a follow-up (http://seclists.org/fulldisclosure/2010/Mar/554) to his message with an updated ID: CVE-2010-0009 Alex -- Alex Legler | Gentoo Security / Ruby a3li () gentoo org | a3li () jabber ccc de
Attachment:
signature.asc
Description:
Current thread:
- CVE Request -- Apache CouchDB v.0.11.0 -- timing attacks flaw Jan Lieskovsky (Mar 31)
- Re: CVE Request -- Apache CouchDB v.0.11.0 -- timing attacks flaw Alex Legler (Mar 31)