Home page logo

oss-sec logo oss-sec mailing list archives

Re: Re: CVE-2011-4858 confusion
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 4 Jan 2012 13:02:26 -0700

* [2012-01-04 09:50:48 -0500] cve-assign () mitre org wrote:

MITRE is still working on this. Our current perspective is that
CVE-2011-4084 is one vulnerability that was confirmed by the upstream
vendor, and CVE-2011-4858 is a different vulnerability that was not
confirmed by the upstream vendor. There are apparently related test
cases and test results that are not yet public.

We received an email from upstream Tomcat asking us to make that change.
CVE-2011-4858 is the CVE for the hash collision issue.

I'm cc'ing Mark who made the original request to us.  Mark, could you
please clarify?


Vincent Danen / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]