oss-sec mailing list archives
Re: Bugzilla 3.7.1 CVE request
From: Moritz Muehlenhoff <jmm () debian org>
Date: Thu, 8 Jul 2010 22:44:14 +0200
Reed Loden wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 6 Jul 2010 00:51:40 -0600 Kurt Seifried <kurt () seifried org> wrote:CVE # for this please. http://www.bugzilla.org/security/3.7.1/This security issue only affects the 3.7 and 3.7.1 development "snapshots" (basically, alpha/beta quality). It's highly unlikely that any distro would be tracking this unstable version/branch, so is a CVE really required? If so, Mozilla can assign one from its pool. I usually deal with getting CVEs assigned for Bugzilla issues, and I just didn't think this one required one... However, maybe I was mistaken in that.
I don't think that development snapshots needs a CVE ID, but there's at least one more Bugzilla vulnerability fixed in a release which hasn't been assigned a CVE ID so far: http://www.bugzilla.org/security/3.2.3/ https://bugzilla.mozilla.org/show_bug.cgi?id=495257 Cheers, Moritz
Current thread:
- Bugzilla 3.7.1 CVE request Kurt Seifried (Jul 06)
- Re: Bugzilla 3.7.1 CVE request Reed Loden (Jul 06)
- Re: Bugzilla 3.7.1 CVE request Moritz Muehlenhoff (Jul 08)
- Re: Bugzilla 3.7.1 CVE request Reed Loden (Jul 06)