oss-sec mailing list archives
Re: Re: CVE oops in GLSA 201308-05 (wireshark)
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 28 Aug 2013 14:39:21 -0600
* [2013-08-28 14:10:10 -0400] cve-assign () mitre org wrote:
>> I just saw via a Gentoo bug report that their GLSA 201308-05 advisory
>> mentioned some CVEs as related to wireshark that were incorrect. Instead
>> of mentioning CVE-2013-{3560,3561,3562} they mentioned
>> CVE-2013-{3540,3541,3542}. I checked on MITRE's site and those three are
>> still reserved. I don't know who those three (354[012]) are assigned to,
>> but you might want to see if they've been used already or not and dupe
>> them against 356[012] if they have not.
>
> Those are in use:
>
> http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0085.html
>
> Airlive
> CVE-2013-3540. Cross Site Request Forgery(CWE-352) and Clickjacking(CAPEC-103)
> CVE-2013-3541. Relative Path Traversal(CWE-23)
>
> Grandstream
> CVE-2013-3542. Backdoor in Telnet Protocol(CAPEC-443)

Ok. I suspect that Gentoo has or will fix any self-published copies of their GLSA but the ones that are archived still contain the incorrect references. Not sure if you need/want to do anything... I just sent the email as a heads-up for you.

--
Vincent Danen / Red Hat Security Response Team