![]() |
|
Date: Thu, 24 Feb 2011 10:28:34 -0700 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org>, Shawn M Moore <sartak@...tpractical.com>, security@...tpractical.com, Jan Lieskovsky <jlieskov@...hat.com> Subject: Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition * [2011-02-24 18:02:06 +0100] Ralf Corsepius wrote: >On 02/24/2011 05:45 PM, Vincent Danen wrote: >>* [2011-02-23 14:06:58 -0500] Josh Bressers wrote: >> >>>>Is Redhat packaging RT now, or are you just handling the CVEs? >>> >>>I'm not aware of Red Hat packaging RT. I'm just assign CVE ids to >>>public issues. >> >Folks, my feel is you all are picking on words and details. It is possible that Josh didn't realize it was packaged in Fedora and EPEL (we do package quite a few things). >>RT3 is packaged in Fedora and EPEL. >> >Correct. rt3 is community maintained in Fedora and RHEL. I am doing >so for Fedora and other people do for RHEL. >So, strictly speaking it's not "Red Hat packaged", but >community-contributed to "Red Hat owned products" (Fedora rsp. Fedora >EPEL) and some folks @RH are filing CVS against it, for reasons I >don't know. I'm not sure what you mean by that last statement (filing CVS against it). Do you mean filing bugs? -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.