oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Discussion: information leakage from server and client software - CVE/hardening/other?

From: cve-assign () mitre org
Date: Tue, 7 Oct 2014 17:56:42 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


So for example the
http://boingboing.net/2014/10/07/adobe-ebook-drm-secretly-build.html
article would indicate to me that this is CVE worthy under #4 


Currently not; Adobe has a statement quoted at:

  http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/

indicating that the information disclosure is intentional, and is
(from their point of view) useful to them. This is just an example of
a behavior that might also occur in an open-source product. The Adobe
issue itself is off-topic for this list.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUNGE1AAoJEKllVAevmvmsPGoH/iEVan/w5VupVHcepPvXtMPU
aBsC1Zf5wJP9THQDZebMPafZihh15VZdV5jTwcg3uJYYVSA3l/oLNVk6JYFlxfAu
ma8UDNiny/lArA28pGi4Ktu+/3bG6tlr/q6jb4OdjZlmdSFOtiLx0r87jrO8RG78
YdvK97pdM19HghlQtc8iDGrkLn2sfROI8VxvnNt0KncVICJGKgZSy1rI7nRK+Yri
NSO26F7PDOBW5ZCXaY8WxdeJka95AWH2ILQ+X4KHxkDvY5d6NOSVOjpf19oB5x02
PkdLwCUoBNrndpvRses2evgdm0Qr7Vg3/MSw6I11AxKEHI8JDIMMdIVWznTZp0Q=
=9O10
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: