Re: CVE Request: mailman

["Steven M. Christey" <coley () linus mitre org>]

In this case, all else being equal, lowest ID wins.

We will never be perfect due to the lack of sufficient details (or, way 
too many details), but where possible I prefer to follow the consistency 
rules when we can, especially when they're pretty clear-cut like this.

It happens :-)

In this case, the abstraction issue was discovered quickly, so I'm OK with 
fixing the abstraction after the fact.

Let's stick with CVE-2010-3089, and I'll flag CVE-2010-3090 for rejection.

- Steve



On Mon, 13 Sep 2010, Josh Bressers wrote:

> ----- "Steven M. Christey" <coley () linus mitre org> wrote:
>
> > Josh,
> >
> > Was there a particular reason to split these into separate CVEs?  A quick
> > glance suggests they affect the same version, and since they're the same
> > type, would normally argue for a merge.
>
> I have no idea why I did that now that I look at the bugs. I'm sorry.
>
> I'll let you pick which ID to use (do you have a policy for this? lowest
> ID?)
>
> Thanks.
>
> --
>    JB