oss-sec mailing list archives

RE: request for CVEs for git clients

From: "Christey, Steven M." <coley () mitre org>
Date: Fri, 19 Dec 2014 18:19:10 +0000

Just a quick note, since there has been some confusion or question about whether additional identifiers are necessary 
for other git clients.

If a client uses an "official" git library and inherits the vulnerability from that code, then CVE-2014-9390 is 
appropriate based on shared libraries / codebases.

If there are other git clients that work with the git "protocol" but contain independently-written code (i.e. a 
separate implementation), and those clients are vulnerable, then each implementation should receive its own ID.

- Steve

Current thread:

request for CVEs for git clients Kurt Seifried (Dec 18)
- Re: request for CVEs for git clients Kurt Seifried (Dec 18)
  - Re: request for CVEs for git clients Russ Allbery (Dec 18)
    - Re: request for CVEs for git clients Julien Cristau (Dec 20)
- Re: request for CVEs for git clients Alex Gaynor (Dec 18)
- Re: request for CVEs for git clients Reed Loden (Dec 19)
  - RE: request for CVEs for git clients Christey, Steven M. (Dec 19)