Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <53C40F02.5030802@redhat.com>
Date: Mon, 14 Jul 2014 11:10:26 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open]
 segmentation fault/buffer overrun in pack.c (encodes)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 14/07/14 11:01 AM, Ramon de C Valle wrote:
> The fix for the (off-by-one) issue was added in
> https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/46778.
> Is MITRE or Red Hat going to assign a CVE for it?

I (and by extension Red Hat) are no longer doing the CVE assignments
for public issues here unless it is a time dependant emergency,
basically any CVE requests here will be handled by Mitre.

- -- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTxA8BAAoJEBYNRVNeJnmTQecP/i+ZpwCqVpra/KG4NIs/HWTh
bzsSq17Q8DQ+VmM5aar19D9xJT6ap6zeR0pHfsNbeN+YOGyjLKfGRc5mOGWwy0do
+mfCiqvHX3khA5T73EJK5DsValsQPhXzt0moVA+a3iY5yyFhzyj+MB85b+3LU4CL
RiBk9zhi8HxReVAk9cHxTEhNz9dTML+ukMeLhTbAeDXY79R3hXfvgYYfe32eT7xe
tn4d+Rf6Sic30FF7AQWOyLnuIYjM+kTLqw9d56SoqyXAAr9a0SU9CQFb9vI5RD6E
ZgEBiGoBiJdmN5W6Mzf8M2/0990/XLttzWbSFdrsUlcLAELFaTb1nLAxvIdEtVip
IkpEh53x7modo5OyUR42/Tr0R3n0m7g+5i3c0TwMuH+KFO3MhvzmwCYbPUUsFMqP
egaaXiJBa0y8Kej6K/Aqm1ua/0AHhIIWCy8xLoPi9Q2GJLSTRl42gyN6F2gmXi0r
eDbIj2t+O7U84YLITtzil8IwFZKnO2RdfyIHKvSouhgkWszAr707vP0X5s8FCOL2
1k1r+hv5R72ZCKVuMKQjVjNGmpD4NVGclD5RlKSnMtdeeIqlBSz3jaVihRwB/r8O
wRRKZ/n/uLAkML8VFWGKqJgF35tUq/84Xs+W2Wu/AUeozyFtEBTQnA7aoxfKhqxB
1G9UwkloGN4a+UWPxtZo
=HXAc
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.