oss-sec mailing list archives
Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
From: Alessandro Ghedini <ghedo () debian org>
Date: Tue, 14 Jul 2015 00:03:03 +0200
On Mon, Jul 13, 2015 at 05:37:49PM -0400, cve-assign () mitre org wrote:
> One complication here is that the CVE request was sent to oss-security without mentioning that a CVE request had been sent privately to one Linux distribution a few weeks before that. See:
>
>   https://github.com/htacg/tidy-html5/issues/217#issue-84488886
>
>   I contacted Debian about the issue on May 17, so far I have not received a response about a CVE assignment.
>   ...
>   Date: Sun, May 17, 2015 at 8:11 PM
>   Subject: tidy heap-buffer-overflow
>   To: security () debian org
>
> (added security () debian org to the Cc line)
>
> Our only question for Debian is: did Debian already assign any CVE ID(s) for this? If not, then MITRE will.

No, we did not assign any CVE for this issue. FWIW the reason was that by the time we got around to replying to Fernando, the issue had already been made public on GitHub so we recommended him to come straight to oss-security for a CVE assignment.

Cheers