Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Feb 2011 18:02:06 +0100
From: Ralf Corsepius <>
To: Vincent Danen <>
 "Steven M. Christey" <>,
 Shawn M Moore <>,, 
 Jan Lieskovsky <>
Subject: Re: Re: CVE Request -- rt3 -- two issues: 1) Improper
 management of form data resubmittion upon user log out 2) SQL queries information
 leak by user account transition

On 02/24/2011 05:45 PM, Vincent Danen wrote:
> * [2011-02-23 14:06:58 -0500] Josh Bressers wrote:
>>> Is Redhat packaging RT now, or are you just handling the CVEs?
>> I'm not aware of Red Hat packaging RT. I'm just assign CVE ids to
>> public issues.
Folks, my feel is you all are picking on words and details.

> RT3 is packaged in Fedora and EPEL.
Correct. rt3 is community maintained in Fedora and RHEL. I am doing so 
for Fedora and other people do for RHEL.
So, strictly speaking it's not "Red Hat packaged", but 
community-contributed to "Red Hat owned products" (Fedora rsp. Fedora 
EPEL) and some folks @RH are filing CVS against it, for reasons I don't 


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.