oss-sec mailing list archives

RE: Confused with Drupal CVEs

From: "Christey, Steven M." <coley () mitre org>
Date: Thu, 4 Apr 2013 16:32:56 +0000

Henri,

While SA-CONTRIB-2013-001 listed only one CVE, CVE-2013-0181, there were two vulnerabilities that were found by 
different researchers.  While they were originally merged into a single CVE (same vulnerability type), we also have 
guidelines that SPLIT issues into different groups if they are found by different researchers.  So, the MITRE team 
SPLIT these CVEs accordingly, after the initial erroneous assignment.  We listed 
http://www.openwall.com/lists/oss-security/2013/01/15/3 as a reference for the new/split CVE-2013-2715 because this was 
effectively where the vulnerability was more widely disclosed.

- Steve

-----Original Message-----
From: Henri Salo [mailto:henri () nerv fi]
Sent: Thursday, April 04, 2013 2:58 AM
To: oss-security () lists openwall com
Subject: [oss-security] Confused with Drupal CVEs

Hello,

SA-CONTRIB-2013-001 https://drupal.org/node/1884332 CVE-2013-0181

Why does http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2715
link to http://www.openwall.com/lists/oss-security/2013/01/15/3

Duplicate?

---
Henri Salo

Current thread:

Confused with Drupal CVEs Henri Salo (Apr 04)
- RE: Confused with Drupal CVEs Christey, Steven M. (Apr 04)