oss-sec mailing list archives
Re: Re: Duplicate CVE: CVE-2015-7703 in NTP
From: Florian Weimer <fweimer () redhat com>
Date: Fri, 23 Oct 2015 23:53:04 +0200
On 10/23/2015 06:39 PM, Kurt Seifried wrote:
I'm going to also ensure we communicate our CVE's to upstreams, I could swear we did in this case but I can't find a specific artifact (e.g. sent email) of doing so from myself (but quite often I just assign the CVE and other people are handling the issue so that wouldn't be to abnormal) so I'm going to go on the assumption we failed to do so properly and update our process as well to ensure we do.
This is not the case. <security () ntp org> was notified on 2015-08-20. As the flaws were of low impact and there was no reaction, we disclosed the issues here: <http://openwall.com/lists/oss-security/2015/08/25/3> I don't know what else we can do to avoid duplicates. Florian
Current thread:
- Duplicate CVE: CVE-2015-7703 in NTP Martin Prpic (Oct 22)
- Re: Duplicate CVE: CVE-2015-7703 in NTP cve-assign (Oct 23)
- Re: Re: Duplicate CVE: CVE-2015-7703 in NTP Kurt Seifried (Oct 23)
- Re: Re: Duplicate CVE: CVE-2015-7703 in NTP Florian Weimer (Oct 23)
- Re: Duplicate CVE: CVE-2015-7703 in NTP Brad Knowles (Oct 23)
- Re: Re: Duplicate CVE: CVE-2015-7703 in NTP Kurt Seifried (Oct 23)
- Re: Duplicate CVE: CVE-2015-7703 in NTP cve-assign (Oct 23)