oss-sec mailing list archives
Re: CVE Request/Clarification - PHP
From: "mancha" <mancha1 () hush com>
Date: Fri, 07 Mar 2014 20:00:28 +0000
On Fri, 07 Mar 2014 15:31:00 +0000 cve-assign () mitre org wrote:
Two issues were recently identified as security concerns in libmagic: CVE-2014-1943 (infinite recursion flaw) & CVE-2014-2270 (improper bounds checking). What is the policy regarding CVE allocation for products vulnerable by virtue of bundling copies of vulnerable products (as opposed to, say, linking vulnerable system libraries)? I bring this up because PHP embeds a copy of libmagicA CVE assignment for libmagic (in the file product) can be used by all vendors who bundle libmagic. Different copies of libmagic in different products do not have separate CVE IDs. -- CVE assignment team, MITRE CVE Numbering Authority
Many thanks for that clarification. --mancha
Current thread:
- CVE Request/Clarification - PHP mancha (Mar 05)
- Re: CVE Request/Clarification - PHP cve-assign (Mar 07)
- <Possible follow-ups>
- Re: CVE Request/Clarification - PHP mancha (Mar 07)