Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20160915220008.70B7972E020@smtpvbsrv1.mitre.org>
Date: Thu, 15 Sep 2016 18:00:08 -0400 (EDT)
From: cve-assign@...re.org
To: noloader@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Does a documentation bug elevate to CVE status? - Crypto++

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> did not tell users that they must define -DNDEBUG when using alternate
> build systems, like Autotools or CMake

> machinery could engage that
> egresses the sensitive information to the file system (core files and
> the like). On some platforms, like Ubuntu with Apport, Apple with
> CrashReporter, and Windows with Windows Error Reporting, the sensitive
> information is egressed to a third party

Use CVE-2016-7420 for this Crypto++ (aka cryptopp) vulnerability.

In general, documentation bugs can have CVEs. Maybe the easiest
example to find is CVE-2010-4179.
http://www.openwall.com/lists/oss-security/2015/11/10/12 is another
example of how misleading documentation can have a CVE.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX2xl8AAoJEHb/MwWLVhi2cUUP/RAYclh+VWjbrJskPz/HaJUL
lL8Pveg4jRTcU+CYN5R5sBoPajPAEthbv+UyWg7H3d2vW905yh2sy5hUnKj6weuG
v8pFDXEqWXY4OKaaXRVp9FcDd5pFR+YWHAGddzilWuOTyIZ6KOQeiKo8GG/og5/d
2YanGHpD884MGB189SB+LZcUv/NjYl5X4ONIM4nR/t3KlpRA9kWYBi0o9KwSrStS
jb3kK3ZiKw60WmVuwfRbvklb8zDSvxhMRpiqrOju2HgiY5E0ajZOhQQwEoNdcnlO
HA0IYW5BJO83coM8a7c1z3RRrmncJucZL8uxcPistwKhZyWFnvAKnp2zpNnmGM2S
z3CcTK1h7U+434xCNcKXTWFnMr4+WWIS9N8NfYyAFbGY+5nZ/G2Dpro9ObQQIikG
zzrwdVgdWxrXKUeP5mfqM5F0GDhKNZIK1nKX++7S/y4HO4xBJAwyHKXRg42S4yX0
yfUbknygpqKrJGIG1EjOzUqmlgS2nsclq6nJRv5YuJgTqRh6ZQC7b/Zwr+Sil8tP
ZLu4kv1IVv52Z5jjk1pUfHe6AW2lfu82iUzKFZaW0m9MUaq9ULNL3+CSkUBM4oxv
ay2L+gKNE4SExGYj7brfYkm/1r5d7eo7WIrINrbdz6XojOKKbCAs4nTlvKQoVn9m
esrwC4mjLKJ8/DHt7D7X
=du18
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.