oss-sec mailing list archives

Re: CVE Request -- Apache CouchDB v.0.11.0 -- timing attacks flaw


From: Alex Legler <a3li () gentoo org>
Date: Wed, 31 Mar 2010 20:39:10 +0200

Hi,

On Wed, 31 Mar 2010 19:26:38 +0200, Jan Lieskovsky
<jlieskov () redhat com> wrote:


> [1] references CVE-2008-2370 as CVE id, but CVE-2008-2370 is Apache
> Tomcat flaw: [6]
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
>
> Since Apache CouchDB is different code base, susceptible to the same
> issue as in [3], assuming new CVE identifier is required.


Jan already posted a follow-up
(http://seclists.org/fulldisclosure/2010/Mar/554) to his message with
an updated ID: CVE-2010-0009

Alex

-- 
Alex Legler | Gentoo Security / Ruby
a3li () gentoo org | a3li () jabber ccc de
