oss-sec mailing list archives

Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request)

From: Jonas Schäfer <jonas () wielicki name>
Date: Wed, 28 Jul 2021 15:08:01 +0200

On Mittwoch, 28. Juli 2021 08:28:53 CEST Salvatore Bonaccorso wrote:

Hi Jonas,

On Thu, Jul 22, 2021 at 05:03:36PM +0200, Jonas Schäfer wrote:

(NB: [1] suggested that posting to this list is still an acceptable way to
request a CVE, especially if disclosure should happen immediately. Please
let me know if that's not going to work, then I'll fill out the form.)

Can you request a CVE directly through https://cveform.mitre.org/ ?


Will do, thanks.

Where to go to get a CVE for a "random" open source project is always a bit 
opaque for me. I noticed that I managed to omit the link in my original email, 
this is the guide I was referring to:

(sorry for the broken link)

https://github.com/CVEProject/cveproject.github.io/blob/gh-pages/requester/
reservation-guidelines.md#4-requests-to-third-party-coordinator-cnas-or-email-
lists

kind regards,
Jonas

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request) Jonas Schäfer (Jul 22)
- Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request) Salvatore Bonaccorso (Jul 27)
  - Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request) Jonas Schäfer (Jul 28)
- Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE-2021-37601) Jonas Schäfer (Jul 28)