oss-security - Fw: python CVE typoed in Mageia advisory

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Message-ID: <1377536670.14534.YahooMailNeo@web140505.mail.bf1.yahoo.com>
Date: Mon, 26 Aug 2013 10:04:30 -0700 (PDT)
From: David Walser <luigiwalser@...oo.com>
To: "\"cve-assign@...re.org\"" <cve-assign@...re.org>,
  "\"oss-security@...ts.openwall.com\"" <oss-security@...ts.openwall.com>,
  "\"lwn@....net\"" <lwn@....net>
Cc: "security@...up.mageia.org" <security@...up.mageia.org>,
  "tmb@....fi" <tmb@....fi>
Subject: Fw: python CVE typoed in Mageia advisory

More CVE confusion, and this time it's my fault.  For the recent Python 

ssl.match_hostname security issue, which was assigned CVE-2013-4238 here:
http://www.openwall.com/lists/oss-security/2013/08/13/2

I typoed it as CVE-2013-4328 while we (Mageia) were preparing the update and it 
made it into our advisories:
http://advisories.mageia.org/MGASA-2013-0250.html
http://advisories.mageia.org/MGASA-2013-0252.html

So I think we'll get our advisories corrected soon.  LWN, could you please 
re-file them under the new vulnerability entry for the correct CVE?
http://lwn.net/Vulnerabilities/563961/ - typoed one
http://lwn.net/Vulnerabilities/564820/ - correct one

Sorry about this.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.