Message-ID: <20110729163415.GW1476@redhat.com>
Date: Fri, 29 Jul 2011 10:34:16 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE mistake in libsoup release notes

Upstream mistakenly used the wrong CVE name in the recent libsoup
releases.  They should have used CVE-2011-2524, but used CVE-2011-2054
instead.

I don't know whose pool CVE-2011-2054 might be in, but I would recommend
rejecting that CVE name and duping it against CVE-2011-2524.

I've seen both Gentoo and Novell reference the wrong CVE name in
bugzilla entries, so I thought I should bring this up.

See:

https://bugzilla.redhat.com/show_bug.cgi?id=720509#c15 and its
follow-up comment from upstream (they've made the appropriate changes in
git now to reflect the correct CVE name).

So CVE-2011-2524 is the correct CVE, and CVE-2011-2054 is the _wrong_
CVE.

Thanks.

-- 
Vincent Danen / Red Hat Security Response Team 
