Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1F2D4DA31CA62740BFF46830A0E6A4F712D4C415@EXMBX-TJ002.tencent.com>
Date: Wed, 30 Aug 2017 02:48:24 +0000
From: winsonliu(刘科) <winsonliu@...cent.com>
To: Vladis Dronov <vdronov@...hat.com>, "oss-security@...ts.openwall.com"
	<oss-security@...ts.openwall.com>, Alan Coopersmith
	<alan.coopersmith@...cle.com>
CC: cve-assign <cve-assign@...re.org>
Subject: RE: CVE Request: Multiple security issues in OpenJPEG

Hello,

I've already submitted these issues to https://cveform.mitre.org/ . As expected, four CVE numbers will be assigned since some of them have the same root cause.

Regards,
Ke

-----Original Message-----
From: winsonliu
Sent: 2017年8月25日 20:16
To: 'Vladis Dronov' <vdronov@...hat.com>; 'oss-security@...ts.openwall.com' <oss-security@...ts.openwall.com>; 'Alan Coopersmith' <alan.coopersmith@...cle.com>
Cc: 'cve-assign' <cve-assign@...re.org>
Subject: RE: [oss-security] CVE Request: Multiple security issues in OpenJPEG

Hello,

I'll submit them to cveform next week. And I'll update this thread when more information is available.

Regards,
Ke

-----Original Message-----
From: winsonliu 
Sent: 2017年8月24日 9:26
To: 'Vladis Dronov' <vdronov@...hat.com>; oss-security@...ts.openwall.com; 'Alan Coopersmith' <alan.coopersmith@...cle.com>
Cc: cve-assign <cve-assign@...re.org>
Subject: RE: [oss-security] CVE Request: Multiple security issues in OpenJPEG

I'm afraid no CVEs were assigned. At least I did not submit these issues to https://cveform.mitre.org/ 

Regards,
Ke

-----Original Message-----
From: Vladis Dronov [mailto:vdronov@...hat.com] 
Sent: 2017年8月23日 19:53
To: oss-security@...ts.openwall.com
Cc: winsonliu <winsonliu@...cent.com>; cve-assign <cve-assign@...re.org>
Subject: Re: [oss-security] CVE Request: Multiple security issues inOpenJPEG(Internet mail)

> Most of these seem to be fixed now in OpenJPEG's recent 2.2.0 release.
> Did CVE id's ever get assigned for them?

If no one reported them and requested CVE-ids via https://cveform.mitre.org/ then I suppose not, no CVE-ids were assigned.

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.