oss-sec mailing list archives
Re: Qt SSL endless loop
From: "Steven M. Christey" <coley () linus mitre org>
Date: Fri, 20 Aug 2010 16:56:02 -0400 (EDT)
Just to close this up. I have actually preserved CVE-2010-2621 and have marked CVE-2010-2533 as a duplicate, which is contrary to what Vincent said.
MITRE is ultimately the authority on which CVE should be rejected when duplicates arise. See http://cve.mitre.org/cve/editorial_policies/duplicates.html for the criteria that I generally follow (every once in a while, a behemoth "authoritative source" wins, though generally there is an expectation that their ID will become more ubiquitous in the future anyway.)
- Steve On Mon, 19 Jul 2010, Vincent Danen wrote:
* [2010-07-19 10:49:36 +0200] Ludwig Nussel wrote:Vincent Danen wrote:* [2010-07-16 11:19:09 -0400] Josh Bressers wrote: >Please use CVE-2010-2533 Wasn't this already assigned CVE-2010-2621? http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2621 It links to the same advisory (qtsslame-adv.txt) and that only seems to be reporting one single problem.Oops, indeed. We've overlooked that assignment. Sorry for the confusion :-/No problem. We need to discard the new one then (discard CVE-2010-2621 as a dupe of CVE-2010-2533). -- Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Jan Lieskovsky (Jul 02)
- Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Luigi Auriemma (Jul 02)
- Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Raphael Geissert (Jul 02)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 16)
- Re: Qt SSL endless loop Josh Bressers (Jul 16)
- Re: Qt SSL endless loop Vincent Danen (Jul 16)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 19)
- Re: Qt SSL endless loop Vincent Danen (Jul 19)
- Re: Qt SSL endless loop Steven M. Christey (Aug 20)
- Re: Qt SSL endless loop Vincent Danen (Aug 20)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 16)