Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <123634419.1821504.1312480424402.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Thu, 4 Aug 2011 13:53:44 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: security@...ntu.com, coley@...us.mitre.org
Subject: Re: CVE Request: foomatic-gui



----- Original Message -----
> On Fri, 2011-08-05 at 00:17 +1000, dave bl wrote:
> > So while there aren't that many "users" of the old
> > system-config-printer - it appears that debian old-stable (lenny)
> > maybe vulnerable (where python-smbc is not available) ... is it
> > worth
> > while giving system-config-printer a 2008 CVE as well (if none
> > currently exists).
> 
> Yes, I think it is worth doing that.
> 

This request doesn't really make any sense. It deserves a 2011 ID, that's
when the flaw was discovered.

My impression is that the code is the same, which means they will share the
same ID. If the code is totally different, we will want to split. Time, you
know best, is the code in question the same, or is it different?

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.