oss-sec mailing list archives
Re: Thoughts on a vuln/CVE?
From: Yves-Alexis Perez <corsac () debian org>
Date: Tue, 18 Jun 2013 08:10:12 +0200
On mar., 2013-06-18 at 00:04 -0600, Kurt Seifried wrote:
We have software with a now insecure configuration as it points to a site that may or may not be under attacker control. It seems to me like this might be a candidate for a CVE. Thoughts and comments for and against are welcome (I'm on the fence myself).
I'm not completely sure what assigning a CVE would give here. Debian itself never shipped a package adding this apt source. Some people might have shipped some external packages adding it, but I'm not really aware of this. Usually the source was added manually by end-users. So I'm not too sure what tracking the “issue” would actually give. Maybe it can help raise awareness on this, but I'm not too convinced. Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- Re: Thoughts on a vuln/CVE? Yves-Alexis Perez (Jun 17)
- Re: Thoughts on a vuln/CVE? Russ Allbery (Jun 17)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 17)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Simon McVittie (Jun 18)
- Re: Thoughts on a vuln/CVE? Dave Walker (Jun 18)
- Re: Thoughts on a vuln/CVE? Tim (Jun 18)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)