oss-sec mailing list archives
Re: Duplicate CVE assignment notification [was: CVE id request: django]
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 13 Oct 2009 15:26:25 +0200
Hello Steve, vendors, two CVE ids have been assigned for this issue: CVE-2009-3695 and CVE-2009-3610. Will take CVE-2009-3695 as the proper one, as it has description already. CVE-2009-3610 should be rejected. Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team Josh Bressers wrote:
Please use CVE-2009-3610 Thanks. ----- "Raphael Geissert" <geissert () debian org> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, A vulnerability has been found in Django's forms library that can be used to perform DoS attacks via certain email addresses or URLs that make the validation regular expressions consume CPU resources. The vulnerability is said to be being exploited on live installations. References: http://www.djangoproject.com/weblog/2009/oct/09/security/ http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/677e54bd6c6e283b http://lists.debian.org/debian-security-announce/2009/msg00227.html Please assign a CVE identifier. Kind regards,- -- Raphael Geissert - Debian Developerwww.debian.org - get.debian.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkrREJQACgkQYy49rUbZzlpwswCgjSOAiDSfYGYiE+ZjE9i6+Zmf 3MkAoJN9qvxGAzfzsgiFW8XAuP1wan81 =nsNz -----END PGP SIGNATURE-----
Current thread:
- CVE id request: django Raphael Geissert (Oct 10)
- Re: CVE id request: django Josh Bressers (Oct 12)
- Re: Duplicate CVE assignment notification [was: CVE id request: django] Jan Lieskovsky (Oct 13)
- Re: Duplicate CVE assignment notification [was: CVE id request: django] Steven M. Christey (Oct 13)
- Re: Duplicate CVE assignment notification [was: CVE id request: django] Steven M. Christey (Oct 13)
- Re: Duplicate CVE assignment notification [was: CVE id request: django] Jan Lieskovsky (Oct 13)
- Re: CVE id request: django Josh Bressers (Oct 12)