[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to handle the case with no CVE

Hi Ola,

On Thu, May 26, 2016 at 12:27:32PM +0200, Ola Lundqvist wrote:
> Hi Salvatore
> 
> Thanks for quick answer.
> 
> Yes I have seen that and uploaded to the archive. I guess it has not been
> processed yet.
> 
> A CVE request was made half a year ago, but none assigned that I could find.

Yes seen that. You might follow-up on that and ask if it felt through
the cracks.

> Regarding the addition if a line to data/CVE/list. Shall I add it to a
> dummy id because the format looks like it is
> CVE-XXX-XXX
>   lines

I just have commited the following to the security-tracker data:

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13407,6 +13407,8 @@ CVE-2015-8560 (Incomplete blacklist vulnerability in util.c in foomatic-rip in .
        NOTE: http://www.openwall.com/lists/oss-security/2015/12/13/2
 CVE-2015-XXXX [ruby-mail: SMTP injection via recipient email addresses]
        - ruby-mail 2.6.1+dfsg1-1
+       [wheezy] - ruby-mail 2.4.4-2+deb7u1
+       NOTE: Workaround entry for DLA-489-1 (since no CVE for this issue)
        NOTE: https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83
        NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/11/3
        NOTE: Fixed in 2.6.0

HTH,

Regards,
Salvatore
Reply to: