Home page logo

oss-sec logo oss-sec mailing list archives

Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 28 Feb 2012 15:27:31 -0700

On 02/28/2012 12:18 PM, cve-assign () mitre org wrote:
Argh sorry cut and paste the wrong CVE # into novell's bugzilla.
Can we just remove it from there please?

Removing Comment 4 from 
https://bugzilla.novell.com/show_bug.cgi?id=749036 is definitely a 
good idea, but MITRE will also do a REJECT of the CVE-2006-7248 
identifier to address the issue more completely.

We often see vendors of CVE compatible products and services
picking up new CVE mappings from oss-security postings, and from
references cited in oss-security postings, and this often happens
on the day of the posting. Some vendors primarily just want the
mapping, and aren't really investigating the issues or possible
discrepancies. So, here, it's plausible that:

Yeah, speaking as someone who did that for 9.5 years (and sent you cve
dupes and errors I found =) my only comment would be people who
automatically consume CVE with no checks and balances are going to
have problems regardless (people make typos, systems do strange
things, etc.).

Kurt Seifried Red Hat Security Response Team (SRT)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]