Message-ID: <20160418171550.GA53619@mail.corp.redhat.com>
Date: Mon, 18 Apr 2016 13:15:51 -0400
From: Randy Barlow <rbarlow@...hat.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request - Pulp < 2.3.0 shipped the same authentication CA
 key/cert to all users

On Mon, Apr 18, 2016 at 11:11:35AM -0400, cve-assign@...re.org wrote:
> Use CVE-2013-7450.

Thank you! I forgot to credit Sander Bos in my initial e-mail for
bringing the lack of CVE for this issue to my attention.

> (We're interpreting this as a request from the Pulp upstream vendor.
> In general, it would be hard for a third party to determine whether a
> "tiny paragraph" was generally recognized as a required part of the
> installation process.)

That's correct, I am a core contributor to the Pulp project.

-- 
Randy Barlow
irc:   bowlofeggs
