oss-sec mailing list archives
Re: CVE Request (nagios)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 16 Dec 2008 21:18:20 -0500 (EST)
On Thu, 11 Dec 2008, Jan Lieskovsky wrote:
I can't follow this. Nagios 3.0.5 should fix two issues:
Neither can I. I'm not sure if we need to clean up the CVE descriptions or not. Note that general CVE practice is - if you have vuln X in version 1, and you don't completely fix X, then we give a separate CVE for version 2. In this case, I'd probably want to modify CVE-2008-5028 to say it's related to "submission of external commands" which is in the 3.0.6 changelog, then refer to the original, pre-3.0.5 CSRF as the "Tim Starling" bug or something like that. - Steve
Current thread:
- Re: CVE Request (nagios), (continued)
- Re: CVE Request (nagios) Andreas Ericsson (Dec 08)
- Re: CVE Request (nagios) Eygene Ryabinkin (Dec 08)
- Re: CVE Request (nagios) Jan Lieskovsky (Dec 08)
- Re: CVE Request (nagios) Eygene Ryabinkin (Dec 08)
- Re: CVE Request (nagios) Eygene Ryabinkin (Dec 08)
- Re: CVE Request (nagios) Eygene Ryabinkin (Dec 10)
- Re: CVE Request (nagios) Andreas Ericsson (Dec 10)
- Re: CVE Request (nagios) Eygene Ryabinkin (Dec 10)
- Re: CVE Request (nagios) Andreas Ericsson (Dec 10)
- Re: CVE Request (nagios) Jan Lieskovsky (Dec 11)
- Re: CVE Request (nagios) Steven M. Christey (Dec 16)