oss-sec mailing list archives
Re: CVE request: PHP MOPS-2010-56..60
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 24 Aug 2010 16:39:48 +0200
On Tue, 24 Aug 2010 11:34:42 +0200 Pierre Joye wrote:
Done: http://svn.php.net/viewvc?view=revision&revision=302565Does it need a new CVE-ID?
[ .. ]
Not sure as #24 was never fixed, but I don't know what is the policy in this case. I can use CVE-2010-2094 or a new one if it is more appropriate or cleaner.
Standard practice is to use new CVE. As all 5 phar MOPS were covered under single CVE, and not all of them were fixed in 5.3.3, I'd expect a new "incomplete fix" CVE. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- Re: CVE request: PHP MOPS-2010-56..60, (continued)
- Re: CVE request: PHP MOPS-2010-56..60 Moritz Muehlenhoff (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 pierre.php () gmail com (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Thomas Biege (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Steven M. Christey (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Josh Bressers (Aug 25)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)