oss-sec mailing list archives
Re: CVE request: PHP MOPS-2010-56..60
From: Josh Bressers <bressers () redhat com>
Date: Wed, 25 Aug 2010 10:22:57 -0400 (EDT)
Please use CVE-2010-2950
Thanks.
--
JB
----- "Steven M. Christey" <coley () linus mitre org> wrote:
On Tue, 24 Aug 2010, Tomas Hoger wrote:Standard practice is to use new CVE. As all 5 phar MOPS werecoveredunder single CVE, and not all of them were fixed in 5.3.3, I'dexpect anew "incomplete fix" CVE.That's appropriate in this case. I'll let Josh assign a CVE to avoid the possibility of dupes. General practice (subject to modification on a case-by-case basis) is: - issue was never fixed and never claimed to be fixed: use original CVE (probably triggers an update to description for affected versions) - issue was claimed fixed but the fix was incomplete: use new CVE - issue was never fixed but claimed to be fixed: ??? (it's happened a few times) - Steve
Current thread:
- Re: CVE request: PHP MOPS-2010-56..60, (continued)
- Re: CVE request: PHP MOPS-2010-56..60 pierre.php () gmail com (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Thomas Biege (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Steven M. Christey (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Josh Bressers (Aug 25)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 pierre.php () gmail com (Aug 19)