oss-sec mailing list archives
Re: CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users
From: Randy Barlow <rbarlow () redhat com>
Date: Mon, 18 Apr 2016 13:15:51 -0400
On Mon, Apr 18, 2016 at 11:11:35AM -0400, cve-assign () mitre org wrote:
Use CVE-2013-7450.
Thank you! I forgot to credit Sander Bos in my initial e-mail for bringing the lack of CVE for this issue to my attention.
(We're interpreting this as a request from the Pulp upstream vendor. In general, it would be hard for a third party to determine whether a "tiny paragraph" was generally recognized as a required part of the installation process.)
That's correct, I am a core contributor to the Pulp project. -- Randy Barlow irc: bowlofeggs
Attachment:
signature.asc
Description:
Current thread:
- CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users Randy Barlow (Apr 15)
- Re: CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users cve-assign (Apr 18)
- Re: CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users Randy Barlow (Apr 18)
- Re: CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users cve-assign (Apr 18)