Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: Curl insecure usage
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 28 Nov 2012 13:32:58 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/27/2012 03:55 PM, Steven M. Christey wrote:

Kurt,

My read is that these are fairly straightforward issues, although
the number of implementations with this problem may be rather high
:-(

Yeah, just wanted to confirm since you guys have to write the
descriptions (well in this case you can probably just use a template
and replace the name/version #). I got no problem assigning lots of CVEs.

So, I'd say that these faulty implementations each deserve their
own CVE, instead of a single ID for Curl.

Will do.

- Steve

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQtnT6AAoJEBYNRVNeJnmTVeYP/19m2xiVA3VldGeKL/VolXYA
EGITcpUoiuq27/GKCEB/mVB4ReSy+DBz9zZxbxaRCFfia3CoTZdmkocW+0yWFK2D
gKALNoF7S+BLqCQFY87xSRcAFjyAEiRKZj8bxkZBFOZgkURRSPQ3yhEwJ6KZJ7gU
eYyt+8PbqoraWD/XQfonavIWJcpJxL72mWvA9jGYerXb0nxyZWSWJ47mAjj7QKI2
Dc4f850Ytbuikwqe9jGw3CTJD8Iv7xqsf5OyPm3Qs2sAvprW/wuW/Vt5wiDCdt3g
eqTZhtr32HzfyKuif1NlN3VBzUUmpHA6Bk6Q6w6ocxm90/Y4Jy9VG5Du9eWQMXrd
lXtwxrvXJGyPwHGAdx89ewCAOTQhk8D2GkC7awzeEB0PDSC9keJVsn/Wo3Hlqujm
UbQ7hT+Ri0/BJK4K04J/5ORkjhoise1M3c50+4uHz7JtJwX5w8y1sFx2Xbte6qL1
A9w5QfrcoKb/fCsRyZNbUtaShAyB38TFBEjYK8Y+HgCErxOPW75P/ba91ORvj7md
LQ2Xcz2WpLaH+O9gLvGY7cPcww8UkRRZraGqHYuKLN5lrx6JyXQBorcdbcsmiJb5
XFvzWe1ZSa1FTmUeom14NjPYcOvI6CkgtUU796u81DOMJVsTiXKKniu0JbC6t4Z6
+NBp0/x5rD+eMlUWnBgC
=ruLl
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]