oss-sec mailing list archives
Re: CVE request: Curl insecure usage
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 28 Nov 2012 13:32:58 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/27/2012 03:55 PM, Steven M. Christey wrote:
Kurt, My read is that these are fairly straightforward issues, although the number of implementations with this problem may be rather high :-(
Yeah, just wanted to confirm since you guys have to write the descriptions (well in this case you can probably just use a template and replace the name/version #). I got no problem assigning lots of CVEs.
So, I'd say that these faulty implementations each deserve their own CVE, instead of a single ID for Curl.
Will do.
- Steve
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQtnT6AAoJEBYNRVNeJnmTVeYP/19m2xiVA3VldGeKL/VolXYA EGITcpUoiuq27/GKCEB/mVB4ReSy+DBz9zZxbxaRCFfia3CoTZdmkocW+0yWFK2D gKALNoF7S+BLqCQFY87xSRcAFjyAEiRKZj8bxkZBFOZgkURRSPQ3yhEwJ6KZJ7gU eYyt+8PbqoraWD/XQfonavIWJcpJxL72mWvA9jGYerXb0nxyZWSWJ47mAjj7QKI2 Dc4f850Ytbuikwqe9jGw3CTJD8Iv7xqsf5OyPm3Qs2sAvprW/wuW/Vt5wiDCdt3g eqTZhtr32HzfyKuif1NlN3VBzUUmpHA6Bk6Q6w6ocxm90/Y4Jy9VG5Du9eWQMXrd lXtwxrvXJGyPwHGAdx89ewCAOTQhk8D2GkC7awzeEB0PDSC9keJVsn/Wo3Hlqujm UbQ7hT+Ri0/BJK4K04J/5ORkjhoise1M3c50+4uHz7JtJwX5w8y1sFx2Xbte6qL1 A9w5QfrcoKb/fCsRyZNbUtaShAyB38TFBEjYK8Y+HgCErxOPW75P/ba91ORvj7md LQ2Xcz2WpLaH+O9gLvGY7cPcww8UkRRZraGqHYuKLN5lrx6JyXQBorcdbcsmiJb5 XFvzWe1ZSa1FTmUeom14NjPYcOvI6CkgtUU796u81DOMJVsTiXKKniu0JbC6t4Z6 +NBp0/x5rD+eMlUWnBgC =ruLl -----END PGP SIGNATURE-----
Current thread:
- CVE request: Curl insecure usage Moritz Muehlenhoff (Nov 26)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 26)
- Re: CVE request: Curl insecure usage Steven M. Christey (Nov 27)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
- Re: CVE request: Curl insecure usage Fabian Keil (Nov 29)
- Re: CVE request: Curl insecure usage Moritz Mühlenhoff (Nov 29)
- Re: CVE request: Curl insecure usage Moritz Muehlenhoff (Dec 26)
- Re: CVE request: Curl insecure usage Kurt Seifried (Dec 27)
- Re: CVE request: Curl insecure usage Steven M. Christey (Nov 27)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 26)