Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 24 Feb 2011 10:28:34 -0700
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Shawn M Moore <sartak@...tpractical.com>, security@...tpractical.com,
        Jan Lieskovsky <jlieskov@...hat.com>
Subject: Re: Re: CVE Request -- rt3 -- two issues: 1) Improper
 management of form data resubmittion upon user log out 2) SQL queries
 information leak by user account transition

* [2011-02-24 18:02:06 +0100] Ralf Corsepius wrote:

>On 02/24/2011 05:45 PM, Vincent Danen wrote:
>>* [2011-02-23 14:06:58 -0500] Josh Bressers wrote:
>>
>>>>Is Redhat packaging RT now, or are you just handling the CVEs?
>>>
>>>I'm not aware of Red Hat packaging RT. I'm just assign CVE ids to
>>>public issues.
>>
>Folks, my feel is you all are picking on words and details.

It is possible that Josh didn't realize it was packaged in Fedora and
EPEL (we do package quite a few things).

>>RT3 is packaged in Fedora and EPEL.
>>
>Correct. rt3 is community maintained in Fedora and RHEL. I am doing 
>so for Fedora and other people do for RHEL.
>So, strictly speaking it's not "Red Hat packaged", but 
>community-contributed to "Red Hat owned products" (Fedora rsp. Fedora 
>EPEL) and some folks @RH are filing CVS against it, for reasons I 
>don't know.

I'm not sure what you mean by that last statement (filing CVS against
it).  Do you mean filing bugs?

-- 
Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ