Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.64.1005191855080.13965@faron.mitre.org>
Date: Wed, 19 May 2010 18:59:42 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Josh Bressers <bressers@...hat.com>
cc: Hanno Böck <hanno@...eck.de>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        oss-security@...ts.openwall.com
Subject: Re: CVE request: phpbb 3.0.7 and before 3.0.5


On Wed, 19 May 2010, Josh Bressers wrote:

> ----- "Hanno Böck" <hanno@...eck.de> wrote:
>> Am Dienstag 18 Mai 2010 schrieb Josh Bressers:
>>>
>>>     http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445
>>>     # [Sec] Only use forum id supplied for posting if global
>>>     announcement detected. (Reported by nickvergessen)
>>>
>>> CVE-2010-1630 phpbb 3.0.5 unspecified flaw
>>
>> Shouldn't this be CVE-2009-XXXX ?

Ideally yes, but the ID is out there so we may as well use it.  This 
happens sometimes.  It doesn't look like it became "widely public" until a 
couple months ago, so a 2010 ID isn't too bad.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.