Re: [Secure-testing-commits] r6997 - data/CVE

To: debian-security-tracker@lists.debian.org
Subject: Re: [Secure-testing-commits] r6997 - data/CVE
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 17 Oct 2007 22:31:45 +0200
Message-id: <[🔎] 20071017203145.GA8393@galadriel.inutil.org>
In-reply-to: <E1IiEvO-0006G9-CF@alioth.debian.org>
References: <E1IiEvO-0006G9-CF@alioth.debian.org>

>  CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...)
>  	NOT-FOR-US: Microsoft Expression Media
>  CVE-2007-5469 (OpenSER 1.2.2 does not verify the Digest authentication header URI ...)
> -	- openser <unfixed> (low; bug #446956)
> +	- openser <unfixed> (unimportant; bug #446956)
>  	NOTE: should be only "exploitable" in local network with untrusted users
>  CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...)
>  	NOT-FOR-US: Cisco

In such cases it's useful to mail cve@mitre.org with a reference to
the bug to tell them that the issue is not considered a security
problem, so that the CVE entry can be revoked or marked as "DISPUTED".

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: [Secure-testing-commits] r6997 - data/CVE
  - From: Nico Golde <nico@ngolde.de>

Prev by Date: Reminder of the claim mechanism
Next by Date: Re: [Secure-testing-commits] r6997 - data/CVE
Previous by thread: Reminder of the claim mechanism
Next by thread: Re: [Secure-testing-commits] r6997 - data/CVE
Index(es):
- Date
- Thread