Re: How to handle the case with no CVE
Hi Ola,
On Thu, May 26, 2016 at 12:27:32PM +0200, Ola Lundqvist wrote:
> Hi Salvatore
>
> Thanks for quick answer.
>
> Yes I have seen that and uploaded to the archive. I guess it has not been
> processed yet.
>
> A CVE request was made half a year ago, but none assigned that I could find.
Yes seen that. You might follow-up on that and ask if it felt through
the cracks.
> Regarding the addition if a line to data/CVE/list. Shall I add it to a
> dummy id because the format looks like it is
> CVE-XXX-XXX
> lines
I just have commited the following to the security-tracker data:
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13407,6 +13407,8 @@ CVE-2015-8560 (Incomplete blacklist vulnerability in util.c in foomatic-rip in .
NOTE: http://www.openwall.com/lists/oss-security/2015/12/13/2
CVE-2015-XXXX [ruby-mail: SMTP injection via recipient email addresses]
- ruby-mail 2.6.1+dfsg1-1
+ [wheezy] - ruby-mail 2.4.4-2+deb7u1
+ NOTE: Workaround entry for DLA-489-1 (since no CVE for this issue)
NOTE: https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/11/3
NOTE: Fixed in 2.6.0
HTH,
Regards,
Salvatore
Reply to: