Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision)

[Kurt Seifried <kseifrie () redhat com>]

> > Credit: vulnerability report and PoC code received from Alexander
> > Klink <alexander.klink AT nruns.com> and Julian Waelde <jwaelde AT
> > cdc.informatik.tu-darmstadt.de>.
> >
> > CVE: CVE-2011-4461 (Jetty), CVE-2011-4838 (JRuby), CVE-2011-4885
> > (PHP), CVE-2011-4462 (Plone), CVE-2011-4815 (Ruby)
>
> Kurt or other CVE assigners, can you please assign a bunch for python,
> java, tomcat etc. pp.
>
> --
> Hanno Böck             mail/jabber: hanno () hboeck de
> GPG: BBB51E42          http://www.hboeck.de/

I am going to defer this to Steve/etc, as I had nothing to do with the original CVE assignments so I have no idea 
(maybe they got assigned but not published? Not assigned yet due to split/merge issues? not assigned due to other 
reasons?).

-- Kurt Seifried / Red Hat Security Repsonse Team