oss-sec mailing list archives
Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android
From: cve-assign () mitre org
Date: Mon, 23 Nov 2015 02:59:50 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
CVE-2015-5257: Weak Randomization of BridgeSecret for Apache Cordova Android
Is there a typo here? CVE-2015-5257 was already assigned for an issue in drivers/usb/serial/whiteheat.c in the Linux kernel. see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257
The outcome here is that this BridgeSecret vulnerability is now known as CVE-2015-8320, not CVE-2015-5257. (Nobody working on Cordova was involved in any typo or misuse of a CVE ID; however, that does not change the outcome.) CVE-2015-5256 is unaffected by this event. For additional details, see some or all of the following URLs later today or tomorrow: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5256 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5256 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8320 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8320 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5275 - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWUsYoAAoJEL54rhJi8gl5ymkQAJftRBBnk52E/5xni8vgGSBR Ar0ihQ2/SwiTh4cu/N2FvxPWtdw1G+xHsFyiknW3tDlUJhVy04HJ23gYf5AJTXn6 31yL1mPZz+AsM87sCupr9lqKzS+/HBbuVBPzz+Zs8Vb4pQYiuz/8Z0yCD4HR6iH8 OGLf9K+mZ07TqyaZkI8a23PjX5BaYqRxNR+vRsRNVuiFTiPq86++mrMUm+AUTNMJ I1MyOZITMTCdITonmWIZj2XaFjyRZNd285bf/UqSirYAatinyuptEBlgHmgefYyU UT/hYMnwiE6ajP5Ep8wbWBEmGqq22LFpaEVAkcTg3kFHxnYV/vt3Wt7l33yLPDwL Gl3sQ71Njf681afx31ztv9CY+No2GTUtUjpUw074d/8SrIj0VWi+uzxNKtHtNaPR jCfYVWWdbWm7wOfxjRk4O6F0SLh1fnkeVlHUpLTFJ/+j6j3c5BYrnTDL87+Uv/Bc 5WPjQ9xvctATout0bKszsgL70nOpSBYaFhct9wX5cdPgKiWB9upjW0nM25EMPK42 EE4Q2bgeDGGLfUubn//NSR33zI9OrglQNn9VeY9BrvyvKZ97nS2YRs5ZvTpY6miu YjOe+NTzr0NcurMOVg/8Jx17UNVcbawd8lg0fA7AUqIzIMoJgI6k6MF+sIipfhj0 oEUUJNT0CzLYuIhkEB5n =MJhw -----END PGP SIGNATURE-----
Current thread:
- CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Joe Bowser (Nov 20)
- Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Salvatore Bonaccorso (Nov 22)
- Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Fried Wil (Nov 22)
- Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android cve-assign (Nov 23)
- Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Salvatore Bonaccorso (Nov 22)