oss-sec mailing list archives
Re: Discussion: information leakage from server and client software - CVE/hardening/other?
From: cve-assign () mitre org
Date: Tue, 7 Oct 2014 17:56:42 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
So for example the http://boingboing.net/2014/10/07/adobe-ebook-drm-secretly-build.html article would indicate to me that this is CVE worthy under #4
Currently not; Adobe has a statement quoted at: http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/ indicating that the information disclosure is intentional, and is (from their point of view) useful to them. This is just an example of a behavior that might also occur in an open-source product. The Adobe issue itself is off-topic for this list. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUNGE1AAoJEKllVAevmvmsPGoH/iEVan/w5VupVHcepPvXtMPU aBsC1Zf5wJP9THQDZebMPafZihh15VZdV5jTwcg3uJYYVSA3l/oLNVk6JYFlxfAu ma8UDNiny/lArA28pGi4Ktu+/3bG6tlr/q6jb4OdjZlmdSFOtiLx0r87jrO8RG78 YdvK97pdM19HghlQtc8iDGrkLn2sfROI8VxvnNt0KncVICJGKgZSy1rI7nRK+Yri NSO26F7PDOBW5ZCXaY8WxdeJka95AWH2ILQ+X4KHxkDvY5d6NOSVOjpf19oB5x02 PkdLwCUoBNrndpvRses2evgdm0Qr7Vg3/MSw6I11AxKEHI8JDIMMdIVWznTZp0Q= =9O10 -----END PGP SIGNATURE-----
Current thread:
- Discussion: information leakage from server and client software - CVE/hardening/other? Kurt Seifried (Oct 07)
- Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign (Oct 07)
- Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign (Oct 07)
- Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign (Oct 07)