oss-sec mailing list archives

Re: Does a documentation bug elevate to CVE status? - Crypto++


From: cve-assign () mitre org
Date: Thu, 15 Sep 2016 18:00:08 -0400 (EDT)


did not tell users that they must define -DNDEBUG when using alternate
build systems, like Autotools or CMake

machinery could engage that
egresses the sensitive information to the file system (core files and
the like). On some platforms, like Ubuntu with Apport, Apple with
CrashReporter, and Windows with Windows Error Reporting, the sensitive
information is egressed to a third party

Use CVE-2016-7420 for this Crypto++ (aka cryptopp) vulnerability.

In general, documentation bugs can have CVEs. Maybe the easiest
example to find is CVE-2010-4179.
http://www.openwall.com/lists/oss-security/2015/11/10/12 is another
example of how misleading documentation can have a CVE.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
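
An added example, not part of the original message and not Crypto++ code: a start-up check for an application that links an assert-heavy library. It reports whether assert() is still live in the build (no -DNDEBUG) and turns off core dumps for the process, so that a failed assert cannot write sensitive memory to a core file. It assumes Linux (prctl); the function names are hypothetical.

```c
/* Added example, constructed for illustration. Linux-specific. */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* 1 if assert() is live in this translation unit, i.e. the build
 * was not given -DNDEBUG; 0 if asserts are compiled out. */
int asserts_enabled(void)
{
#ifdef NDEBUG
    return 0;
#else
    return 1;
#endif
}

/* Ask the kernel not to produce a core dump for this process.
 * RLIMIT_CORE = 0 stops core files from being created;
 * PR_SET_DUMPABLE = 0 clears the Linux "dumpable" attribute.
 * Returns 0 on success, -1 if either call failed. */
int disable_core_dumps(void)
{
    struct rlimit none = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &none) != 0)
        return -1;
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return 0;
}

/* 1 if either control is still open (process dumpable or a non-zero
 * core size limit), 0 if both are closed, -1 on error. */
int core_dump_controls_open(void)
{
    struct rlimit cur;
    int dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (dumpable < 0 || getrlimit(RLIMIT_CORE, &cur) != 0)
        return -1;
    return dumpable != 0 || cur.rlim_cur != 0;
}

int main(void)
{
    printf("asserts enabled: %d\n", asserts_enabled());
    printf("dump controls open before: %d\n", core_dump_controls_open());
    if (disable_core_dumps() != 0)
        perror("disable_core_dumps");
    printf("dump controls open after: %d\n", core_dump_controls_open());
    return 0;
}
```

Building with -DNDEBUG makes `asserts_enabled()` return 0; the dump controls apply to the whole process, including asserts compiled into libraries it links.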

