oss-sec mailing list archives
Re: CVE Request: mailman
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 13 Sep 2010 17:34:24 -0400 (EDT)
In this case, all else being equal, lowest ID wins.We will never be perfect due to the lack of sufficient details (or, way too many details), but where possible I prefer to follow the consistency rules when we can, especially when they're pretty clear-cut like this.
It happens :-)In this case, the abstraction issue was discovered quickly, so I'm OK with fixing the abstraction after the fact.
Let's stick with CVE-2010-3089, and I'll flag CVE-2010-3090 for rejection. - Steve On Mon, 13 Sep 2010, Josh Bressers wrote:
----- "Steven M. Christey" <coley () linus mitre org> wrote:Josh, Was there a particular reason to split these into separate CVEs? A quick glance suggests they affect the same version, and since they're the same type, would normally argue for a merge.I have no idea why I did that now that I look at the bugs. I'm sorry. I'll let you pick which ID to use (do you have a policy for this? lowest ID?) Thanks. -- JB
Current thread:
- CVE Request: mailman Huzaifa Sidhpurwala (Sep 13)
- Re: CVE Request: mailman Josh Bressers (Sep 13)
- Re: CVE Request: mailman Steven M. Christey (Sep 13)
- Re: CVE Request: mailman Josh Bressers (Sep 13)
- Re: CVE Request: mailman Steven M. Christey (Sep 13)
- Re: CVE Request: mailman Steven M. Christey (Sep 13)
- Re: CVE Request: mailman Josh Bressers (Sep 13)