Message-ID: <CAHmME9rN4hQn+sNv_TRVoeDVbovxb4=_SHQ12oBpqPXyZjyEfA@mail.gmail.com>
Date: Mon, 7 Mar 2016 20:29:37 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: Cgit XSS "vulnerability" has no CVE?

On Mon, Mar 7, 2016 at 7:46 PM, Peter Bex <peter@...e-magic.net> wrote:
> Considering that it's been "fixed", I thought a CVE might be useful to
> trigger distros to include the patch. Without a CVE, distros like
> Debian and RedHat will keep using the unpatched version, which is a
> shame if such an easy fix is available.

Considering so many of the other example filters have the same
problem, I don't think this will buy much. However, after I revamp the
example filters into a nice "one stop" solution for lots of filetypes,
we can start promoting that in various places for its security benefits.