oss-sec mailing list archives
RE: Confused with Drupal CVEs
From: "Christey, Steven M." <coley () mitre org>
Date: Thu, 4 Apr 2013 16:32:56 +0000
Henri, While SA-CONTRIB-2013-001 listed only one CVE, CVE-2013-0181, there were two vulnerabilities that were found by different researchers. While they were originally merged into a single CVE (same vulnerability type), we also have guidelines that SPLIT issues into different groups if they are found by different researchers. So, the MITRE team SPLIT these CVEs accordingly, after the initial erroneous assignment. We listed http://www.openwall.com/lists/oss-security/2013/01/15/3 as a reference for the new/split CVE-2013-2715 because this was effectively where the vulnerability was more widely disclosed. - Steve
-----Original Message----- From: Henri Salo [mailto:henri () nerv fi] Sent: Thursday, April 04, 2013 2:58 AM To: oss-security () lists openwall com Subject: [oss-security] Confused with Drupal CVEs Hello, SA-CONTRIB-2013-001 https://drupal.org/node/1884332 CVE-2013-0181 Why does http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2715 link to http://www.openwall.com/lists/oss-security/2013/01/15/3 Duplicate? --- Henri Salo
Current thread:
- Confused with Drupal CVEs Henri Salo (Apr 04)
- RE: Confused with Drupal CVEs Christey, Steven M. (Apr 04)