oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE oops in GLSA 201308-05 (wireshark)

From: cve-assign () mitre org
Date: Wed, 28 Aug 2013 14:10:10 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I just saw via a Gentoo bug report that their GLSA 201308-05 advisory
mentioned some CVEs as related to wireshark that were incorrect.

Instead of mentioning CVE-2013-{3560,3561,3562} they mentioned
CVE-2013-{3540,3541,3542}. I checked on MITRE's site and those three
are still reserved.

I don't know who those three (354[012]) are assigned to, but you might
want to see if they've been used already or not and dupe them against
356[012] if they have not.


Those are in use:

http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0085.html

Airlive
CVE-2013-3540. Cross Site Request Forgery(CWE-352) and Clickjacking(CAPEC-103) 
CVE-2013-3541. Relative Path Traversal(CWE-23)

Grandstream
CVE-2013-3542. Backdoor in Telnet Protocol(CAPEC-443)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSHjxYAAoJEGvefgSNfHMdTzwH/imDk8DaDY4Q3FyKkFrO2r2q
70cQCSbBWjMdU/GsFErfpeurrreNtjuROSUWTgI9P8AEtyFfdC6XicQcEetlkueY
rwwghhbim3APXYODX0cxx3K7Ww38BhXfa8iZXjRs1Rn9oj1OLWB0+X9XY1KTd2Pb
FLoyAOrVVYWOIn029osm5nG8lSJCzyJz21u1ErSB8nXDzTQSMtIIgkRaX229fo0d
VV+1OXmNwKbMwZeqRQUaHNC21Djo6SzLtEBFkCcVrb+kQArkVT+DPVHlxHtqOtTW
d4NMX0LwAK0GVk1m4PW6PkRsOX/+iXuPEDJ04OpGE6W8a/PBrxTmVEbFIS01PIw=
=tPeQ
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: