oss-sec mailing list archives

Re: CVE Request: Insecure Software Download in pip


From: Raphael Geissert <geissert () debian org>
Date: Wed, 31 Jul 2013 10:33:09 +0200

On 31 July 2013 10:11, Kurt Seifried <kseifried () redhat com> wrote:
> On 07/30/2013 12:44 PM, Donald Stufft wrote:
>> There was a CVE for pip not verifying TLS,
>> https://access.redhat.com/security/cve/CVE-2013-1629 However that
>> says it was RESERVED so I'm not sure how to make that unreserved?
>> I've not done much with requesting CVEs before.
>
> Ok I have no info on that CVE, is it embargoed? I can't find it in
> google after a quick search. I need to see that one before I can
> assign anything.

From the bugzilla info: "source=debian", and looking at our tracker:
https://security-tracker.debian.org/tracker/CVE-2013-1629 points to:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710163

I don't know who assigned the id, however.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

