Message-Id: <20160915220008.70B7972E020@smtpvbsrv1.mitre.org>
Date: Thu, 15 Sep 2016 18:00:08 -0400 (EDT)
From: cve-assign@...re.org
To: noloader@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Does a documentation bug elevate to CVE status? - Crypto++

> did not tell users that they must define -DNDEBUG when using alternate
> build systems, like Autotools or CMake

> machinery could engage that
> egresses the sensitive information to the file system (core files and
> the like). On some platforms, like Ubuntu with Apport, Apple with
> CrashReporter, and Windows with Windows Error Reporting, the sensitive
> information is egressed to a third party

Use CVE-2016-7420 for this Crypto++ (aka cryptopp) vulnerability.

In general, documentation bugs can have CVEs. Maybe the easiest
example to find is CVE-2010-4179.
http://www.openwall.com/lists/oss-security/2015/11/10/12 is another
example of how misleading documentation can have a CVE.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]