oss-sec mailing list archives
Re: CVE request: PHP MOPS-2010-56..60
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 24 Aug 2010 13:00:27 -0400 (EDT)
On Tue, 24 Aug 2010, Tomas Hoger wrote:
Standard practice is to use new CVE. As all 5 phar MOPS were covered under single CVE, and not all of them were fixed in 5.3.3, I'd expect a new "incomplete fix" CVE.
That's appropriate in this case. I'll let Josh assign a CVE to avoid the possibility of dupes.
General practice (subject to modification on a case-by-case basis) is: - issue was never fixed and never claimed to be fixed: use original CVE (probably triggers an update to description for affected versions) - issue was claimed fixed but the fix was incomplete: use new CVE - issue was never fixed but claimed to be fixed: ??? (it's happened a few times) - Steve
Current thread:
- Re: CVE request: PHP MOPS-2010-56..60, (continued)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 pierre.php () gmail com (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Thomas Biege (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Steven M. Christey (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Josh Bressers (Aug 25)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)