oss-sec mailing list archives
Re: CVE? CCE? dovecot setting is often used incorrectly
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 08 Mar 2008 16:12:15 +0100
* Jonathan Smith:
I've been trying to figure out what to do with this one. I'm not inclined to believe it deserves a CVE given that it is configuration (either dovecot config or filesystem permissions configuration). I read once on mitre.org about "Common Configuration Enumeration" aka "CCE" issues, but I've never seen them actually used. Maybe this is a good candidate?
Debian will release a security update with a patch, so we need a CVE anyway. We might use one from our pool (after all, it's an interplay between our default MTA and Dovecot, and may not be very widespread), or we might reference a generic one. I don't know which one is better.
Current thread:
- CVE? CCE? dovecot setting is often used incorrectly Jonathan Smith (Mar 04)
- Re: CVE? CCE? dovecot setting is often used incorrectly Florian Weimer (Mar 08)
- Re: CVE? CCE? dovecot setting is often used incorrectly Robert Buchholz (Mar 08)
- Re: CVE? CCE? dovecot setting is often used incorrectly Steven M. Christey (Mar 09)
- Re: CVE? CCE? dovecot setting is often used incorrectly Florian Weimer (Mar 08)