Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Bugzilla 3.7.1 CVE request
From: Moritz Muehlenhoff <jmm () debian org>
Date: Thu, 8 Jul 2010 22:44:14 +0200

Reed Loden wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 6 Jul 2010 00:51:40 -0600
Kurt Seifried <kurt () seifried org> wrote:

CVE # for this please.

http://www.bugzilla.org/security/3.7.1/

This security issue only affects the 3.7 and 3.7.1 development
"snapshots" (basically, alpha/beta quality). It's highly unlikely that
any distro would be tracking this unstable version/branch, so is a CVE
really required? If so, Mozilla can assign one from its pool.

I usually deal with getting CVEs assigned for Bugzilla issues, and I
just didn't think this one required one... However, maybe I was
mistaken in that.

I don't think that development snapshots needs a CVE ID, but there's 
at least one more Bugzilla vulnerability fixed in a release which hasn't 
been assigned a CVE ID so far:

http://www.bugzilla.org/security/3.2.3/
https://bugzilla.mozilla.org/show_bug.cgi?id=495257

Cheers,
        Moritz


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]