oss-sec mailing list archives
Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]
From: Mark J Cox <mjc () redhat com>
Date: Wed, 28 Oct 2009 11:43:26 +0000 (GMT)
Based on the above -^ I would vote for separate CVE identifier for expat flaw (and its embedded copies in dozen of packages): https://bugs.gentoo.org/show_bug.cgi?id=280615#c8 https://bugs.gentoo.org/show_bug.cgi?id=280615#c10As far as we understand, the expat flaw in question is in no way related to CVE-2009-2625, or other recent XML parser flaws. Therefore our take is that it should have a distinct CVE entry.
So use CVE-2009-3720 for this Mark
Current thread:
- Regarding expat bug 1990430 Jan Lieskovsky (Oct 22)
- Re: Regarding expat bug 1990430 Marc Schoenefeld (Oct 22)
- Re: Re: Regarding expat bug 1990430 Michael Gilbert (Oct 22)
- Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] Jan Lieskovsky (Oct 23)
- Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] CERT-FI Vulnerability Co-ordination (Oct 26)
- Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] Mark J Cox (Oct 28)
- Re: Re: Regarding expat bug 1990430 Michael Gilbert (Oct 22)
- Re: Regarding expat bug 1990430 Marc Schoenefeld (Oct 22)