Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <562AAC40.4000002@redhat.com>
Date: Fri, 23 Oct 2015 23:53:04 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Duplicate CVE: CVE-2015-7703 in NTP

On 10/23/2015 06:39 PM, Kurt Seifried wrote:

> I'm going to also ensure we communicate our CVE's to upstreams, I could
> swear we did in this case but I can't find a specific artifact (e.g. sent
> email) of doing so from myself (but quite often I just assign the CVE and
> other people are handling the issue so that wouldn't be to abnormal) so I'm
> going to go on the assumption we failed to do so properly and update our
> process as well to ensure we do.

This is not the case.  <security@....org> was notified on 2015-08-20.
As the flaws were of low impact and there was no reaction, we disclosed
the issues here:

  <http://openwall.com/lists/oss-security/2015/08/25/3>

I don't know what else we can do to avoid duplicates.

Florian

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.