oss-sec mailing list archives
Re: Re: CVE-2011-4858 confusion
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 4 Jan 2012 13:02:26 -0700
* [2012-01-04 09:50:48 -0500] cve-assign () mitre org wrote:
MITRE is still working on this. Our current perspective is that CVE-2011-4084 is one vulnerability that was confirmed by the upstream vendor, and CVE-2011-4858 is a different vulnerability that was not confirmed by the upstream vendor. There are apparently related test cases and test results that are not yet public.
We received an email from upstream Tomcat asking us to make that change. CVE-2011-4858 is the CVE for the hash collision issue. I'm cc'ing Mark who made the original request to us. Mark, could you please clarify? Thanks. --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE-2011-4858 confusion Sebastian Krahmer (Jan 04)
- Re: CVE-2011-4858 confusion cve-assign (Jan 04)
- Re: Re: CVE-2011-4858 confusion Vincent Danen (Jan 04)
- Re: Re: CVE-2011-4858 confusion Mark Thomas (Jan 05)
- Re: Re: CVE-2011-4858 confusion Vincent Danen (Jan 04)
- Re: CVE-2011-4858 confusion cve-assign (Jan 06)
- Re: CVE-2011-4858 confusion cve-assign (Jan 04)