oss-sec mailing list archives
Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]
From: CERT-FI Vulnerability Co-ordination <vulncoord () ficora fi>
Date: Mon, 26 Oct 2009 16:40:05 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, Jan Lieskovsky wrote:
Based on the above -^ I would vote for separate CVE identifier for expat flaw (and its embedded copies in dozen of packages): https://bugs.gentoo.org/show_bug.cgi?id=280615#c8 https://bugs.gentoo.org/show_bug.cgi?id=280615#c10
As far as we understand, the expat flaw in question is in no way related to CVE-2009-2625, or other recent XML parser flaws. Therefore our take is that it should have a distinct CVE entry. - -Jussi / CERT-FI -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFK5bTF/64aC2E+yK8RAujqAKCgFjrzN4XZJ87Cf3pBAh2/1uNl6gCfW8+v qlDdj1prKH23JhsVi8mv90A= =Vin/ -----END PGP SIGNATURE-----
Current thread:
- Regarding expat bug 1990430 Jan Lieskovsky (Oct 22)
- Re: Regarding expat bug 1990430 Marc Schoenefeld (Oct 22)
- Re: Re: Regarding expat bug 1990430 Michael Gilbert (Oct 22)
- Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] Jan Lieskovsky (Oct 23)
- Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] CERT-FI Vulnerability Co-ordination (Oct 26)
- Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] Mark J Cox (Oct 28)
- Re: Re: Regarding expat bug 1990430 Michael Gilbert (Oct 22)
- Re: Regarding expat bug 1990430 Marc Schoenefeld (Oct 22)