Re: CVE request:SQL injection in TeamPass

[Solar Designer <solar () openwall com>]

Hi,

On Thu, Apr 28, 2016 at 04:20:08PM +0800, das das wrote:
> I sent you an email about the vulnerability found in Teampass,
> http://www.openwall.com/lists/oss-security/2016/04/14/1

I imagine that the MITRE folks are busy with higher-priority requests.

> however,I haven't received any reply yet.Does cve still accept such
> vulnerabilities in Teampass?Because There are some Teampass
> vulnerabilities witch are found latey,and I don't know whether they
> should be submitted.

I think you're confusing notifying the community and obtaining CVE IDs.
It does make perfect sense for you to be notifying the community even if
you're not receiving CVE IDs promptly (or at all).  If you need some IDs
for tracking, please feel free to obtain and self-assign OVE IDs, and
include those right in your initial notifications to oss-security:

http://www.openwall.com/ove/

Alexander