Re: Qt SSL endless loop

["Steven M. Christey" <coley () linus mitre org>]

Just to close this up.  I have actually preserved CVE-2010-2621 and have 
marked CVE-2010-2533 as a duplicate, which is contrary to what Vincent 
said.

MITRE is ultimately the authority on which CVE should be rejected when 
duplicates arise.  See 
http://cve.mitre.org/cve/editorial_policies/duplicates.html for the 
criteria that I generally follow (every once in a while, a behemoth 
"authoritative source" wins, though generally there is an expectation that 
their ID will become more ubiquitous in the future anyway.)

- Steve



On Mon, 19 Jul 2010, Vincent Danen wrote:

> * [2010-07-19 10:49:36 +0200] Ludwig Nussel wrote:
>
> > Vincent Danen wrote:
> > > * [2010-07-16 11:19:09 -0400] Josh Bressers wrote:
> > >
> > > >Please use CVE-2010-2533
> > >
> > > Wasn't this already assigned CVE-2010-2621?
> > >
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2621
> > >
> > > It links to the same advisory (qtsslame-adv.txt) and that only seems to
> > > be reporting one single problem.
> >
> > Oops, indeed. We've overlooked that assignment. Sorry for the confusion :-/
>
> No problem.  We need to discard the new one then (discard CVE-2010-2621
> as a dupe of CVE-2010-2533).
>
> --
> Vincent Danen / Red Hat Security Response Team