oss-sec mailing list archives

Re: CVE request: notmuch

From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 04 Mar 2012 20:19:14 -0700

On 03/04/2012 11:50 AM, Moritz Mühlenhoff wrote:

Hi,
please assign a CVE for this issue in "notmuch" (fixed in DSA 2416):
http://lists.debian.org/debian-security-announce/2012/msg00044.html

Fix:
http://git.notmuchmail.org/git/notmuch/commit/ae438ccd8c77831158c7c30f19710d798ee4a6b4

Cheers,
        Moritz


Please use CVE-2012-1103 for this issue.

Potentially stupid Q, why no CVE request from Debian? I'm happy to
assign them, especially for stuff that qualifies for a DSA, it will
almost certainly qualify for a CVE. If you need one for an embargoed
issue please email the OpenWall vs list
(http://oss-security.openwall.org/wiki/mailing-lists/distros) and I can
assign it there.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Current thread:

CVE request: notmuch Moritz Mühlenhoff (Mar 04)
- Re: CVE request: notmuch Kurt Seifried (Mar 04)
  - Re: CVE request: notmuch Florian Weimer (Mar 04)