Re: CVE request: Curl insecure usage

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/27/2012 03:55 PM, Steven M. Christey wrote:
> Kurt,
>
> My read is that these are fairly straightforward issues, although
> the number of implementations with this problem may be rather high
> :-(

Yeah, just wanted to confirm since you guys have to write the
descriptions (well in this case you can probably just use a template
and replace the name/version #). I got no problem assigning lots of CVEs.

> So, I'd say that these faulty implementations each deserve their
> own CVE, instead of a single ID for Curl.

Will do.

> - Steve

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQtnT6AAoJEBYNRVNeJnmTVeYP/19m2xiVA3VldGeKL/VolXYA
EGITcpUoiuq27/GKCEB/mVB4ReSy+DBz9zZxbxaRCFfia3CoTZdmkocW+0yWFK2D
gKALNoF7S+BLqCQFY87xSRcAFjyAEiRKZj8bxkZBFOZgkURRSPQ3yhEwJ6KZJ7gU
eYyt+8PbqoraWD/XQfonavIWJcpJxL72mWvA9jGYerXb0nxyZWSWJ47mAjj7QKI2
Dc4f850Ytbuikwqe9jGw3CTJD8Iv7xqsf5OyPm3Qs2sAvprW/wuW/Vt5wiDCdt3g
eqTZhtr32HzfyKuif1NlN3VBzUUmpHA6Bk6Q6w6ocxm90/Y4Jy9VG5Du9eWQMXrd
lXtwxrvXJGyPwHGAdx89ewCAOTQhk8D2GkC7awzeEB0PDSC9keJVsn/Wo3Hlqujm
UbQ7hT+Ri0/BJK4K04J/5ORkjhoise1M3c50+4uHz7JtJwX5w8y1sFx2Xbte6qL1
A9w5QfrcoKb/fCsRyZNbUtaShAyB38TFBEjYK8Y+HgCErxOPW75P/ba91ORvj7md
LQ2Xcz2WpLaH+O9gLvGY7cPcww8UkRRZraGqHYuKLN5lrx6JyXQBorcdbcsmiJb5
XFvzWe1ZSa1FTmUeom14NjPYcOvI6CkgtUU796u81DOMJVsTiXKKniu0JbC6t4Z6
+NBp0/x5rD+eMlUWnBgC
=ruLl
-----END PGP SIGNATURE-----