|
Message-ID: <1155856394.45069423.1414045220348.JavaMail.zimbra@redhat.com> Date: Thu, 23 Oct 2014 02:20:20 -0400 (EDT) From: Arun Babu Neelicattu <abn@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 Pinging this thread, since there has been no response since September 17. ----- Original Message ----- > From: "Arun Babu Neelicattu" <abn@...hat.com> > To: oss-security@...ts.openwall.com > Sent: Wednesday, September 17, 2014 2:10:16 PM > Subject: [oss-security] Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 > > Recently Apache Tomcat issued an advisory [1] for CVE-2013-4444 [2]. However, > this flaw was reported to the Apache Tomcat Security team last year. We were > instructed that Apache Tomcat team did not consider this a vulnerability. > Red Hat Product Security handled this issue as CVE-2013-2185 [3] in our > affected products. > > We request that CVE-2013-4444 be marked as a duplicate of CVE-2013-2185. > > -arun > > [1] http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.40 > [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4444 > [3] https://bugzilla.redhat.com/CVE-2013-2185 > > -- > Arun Neelicattu / Red Hat Product Security > PGP: 0xC244393B 5229 F596 474F 00A1 E416 CF8B 36F5 5054 C244 393B >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.