oss-sec mailing list archives
RE: request for CVEs for git clients
From: "Christey, Steven M." <coley () mitre org>
Date: Fri, 19 Dec 2014 18:19:10 +0000
Just a quick note, since there has been some confusion or question about whether additional identifiers are necessary for other git clients. If a client uses an "official" git library and inherits the vulnerability from that code, then CVE-2014-9390 is appropriate based on shared libraries / codebases. If there are other git clients that work with the git "protocol" but contain independently-written code (i.e. a separate implementation), and those clients are vulnerable, then each implementation should receive its own ID. - Steve
Current thread:
- request for CVEs for git clients Kurt Seifried (Dec 18)
- Re: request for CVEs for git clients Kurt Seifried (Dec 18)
- Re: request for CVEs for git clients Russ Allbery (Dec 18)
- Re: request for CVEs for git clients Julien Cristau (Dec 20)
- Re: request for CVEs for git clients Russ Allbery (Dec 18)
- Re: request for CVEs for git clients Alex Gaynor (Dec 18)
- Re: request for CVEs for git clients Reed Loden (Dec 19)
- RE: request for CVEs for git clients Christey, Steven M. (Dec 19)
- Re: request for CVEs for git clients Kurt Seifried (Dec 18)