mailing list archives
Re: Re: CVE-2011-4858 confusion
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 4 Jan 2012 13:02:26 -0700
* [2012-01-04 09:50:48 -0500] cve-assign () mitre org wrote:
MITRE is still working on this. Our current perspective is that
CVE-2011-4084 is one vulnerability that was confirmed by the upstream
vendor, and CVE-2011-4858 is a different vulnerability that was not
confirmed by the upstream vendor. There are apparently related test
cases and test results that are not yet public.
We received an email from upstream Tomcat asking us to make that change.
CVE-2011-4858 is the CVE for the hash collision issue.
I'm cc'ing Mark who made the original request to us. Mark, could you
Vincent Danen / Red Hat Security Response Team