Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1797555053.495533413.810249.dregad-mantisbt.org@news.gmane.org>
Date: Wed, 14 Sep 2016 11:03:34 +0200
From: Anonymous <dregad@...tisbt.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: ADOdb PDO driver: incorrect quoting
 may allow SQL injection

Andreas Stieger <astieger@...e.com> wrote:

Hi Andreas

Many thanks for your reply. 

> I noticed that in your original e-mail to this list, you did not cc
> cve-assign.

That's true, but I never did in the past, as this mailing list is (or was?)
monitored by mitre, so posting here has been sufficient until now. 

Furthermore in this case I was not quite certain that a CVE was actually
required for this, so I was kind of hoping for guidance. 

> Also note that there are new procedures, including a request
> form, in addition to the previous recommendation to contact a CNA
> https://cve.mitre.org/cve/request_id.html

I was not aware of that, thanks for the heads up. Will follow these
guidelines and use the form in the future. 

Cheers
Damien

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.