oss-sec mailing list archives
Re: CVE Request: WebAuth: Authentication credential disclosure
From: Russ Allbery <rra () debian org>
Date: Thu, 16 May 2013 12:35:40 -0700
Salvatore Bonaccorso <carnil () debian org> writes:
Could a CVE be assigned for this issue in WebAuth (Cc'ing Russ Allbery):
Ack, sorry, I considered asking for a CVE and then decided not to since I wasn't sure anyone would really care given the limited deployment of the affected code. That was probably the wrong decision, particularly based on Kurt's comments yesterday, so I probably should have gone ahead and done it and included it in the advisory. I'm happy to include a CVE in the advisory and in the Debian experimental changelog going forward. -- Russ Allbery (rra () debian org) <http://www.eyrie.org/~eagle/>
Current thread:
- CVE Request: WebAuth: Authentication credential disclosure Salvatore Bonaccorso (May 16)
- Re: CVE Request: WebAuth: Authentication credential disclosure Russ Allbery (May 16)
- Re: CVE Request: WebAuth: Authentication credential disclosure Kurt Seifried (May 18)
- Re: CVE Request: WebAuth: Authentication credential disclosure Russ Allbery (May 18)
- Re: CVE Request: WebAuth: Authentication credential disclosure Kurt Seifried (May 18)
- Re: CVE Request: WebAuth: Authentication credential disclosure Russ Allbery (May 18)