Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Feb 2011 18:02:06 +0100
From: Ralf Corsepius <rc040203@...enet.de>
To: Vincent Danen <vdanen@...hat.com>
CC: oss-security@...ts.openwall.com, 
 "Steven M. Christey" <coley@...us.mitre.org>,
 Shawn M Moore <sartak@...tpractical.com>, security@...tpractical.com, 
 Jan Lieskovsky <jlieskov@...hat.com>
Subject: Re: Re: CVE Request -- rt3 -- two issues: 1) Improper
 management of form data resubmittion upon user log out 2) SQL queries information
 leak by user account transition

On 02/24/2011 05:45 PM, Vincent Danen wrote:
> * [2011-02-23 14:06:58 -0500] Josh Bressers wrote:
>
>>> Is Redhat packaging RT now, or are you just handling the CVEs?
>>
>> I'm not aware of Red Hat packaging RT. I'm just assign CVE ids to
>> public issues.
>
Folks, my feel is you all are picking on words and details.

> RT3 is packaged in Fedora and EPEL.
>
Correct. rt3 is community maintained in Fedora and RHEL. I am doing so 
for Fedora and other people do for RHEL.
So, strictly speaking it's not "Red Hat packaged", but 
community-contributed to "Red Hat owned products" (Fedora rsp. Fedora 
EPEL) and some folks @RH are filing CVS against it, for reasons I don't 
know.

Ralf

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ