Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel

[Josh Bressers <bressers () redhat com>]

I can assign most of these. Steve, I have two requests below, can MITRE
take them?


----- "Moritz Muehlenhoff" <jmm () debian org> wrote:

> Hi,
> here's a few CVE requests for issues in the Debian Security Tracker
> without a CVE ID assigned:
>
> 1. POE::Component::IRC
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194
> http://github.com/bingos/poe-component-irc/compare/d2ead04...675f55cd

Use CVE-2010-3438

> 2. Alien Arena
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575621
> http://corent.proboards.com/index.cgi?board=bugreport&action=display&thread=4761

Use CVE-2010-3439

> 3. Babiloo
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591995

Use CVE-2010-3440

> 4. Typo3
> http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-012/
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
> http://lists.debian.org/debian-security-announce/2010/msg00144.html

This one is bigger than a breadbox. Steve, can MITRE assign these ones?

> 5. abcm2ps
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014
> http://moinejf.free.fr/abcm2ps-5.txt
> http://secunia.com/advisories/39345/

This should probably be more than one, but without more details,
I can only give it one: CVE-2010-3441

> 6. ModSecurity
> There was already a CVE request by Jan Lieskovsky, but it doesn't
> seem
> to have led to an ID assignment:
> http://www.openwall.com/lists/oss-security/2010/02/10/2

This one is also too big for me to handle properly. Can MITRE take it?

Thanks
-- 
    JB