Re: Spurious CVE ID reported as open on Cherokee - NFU?

To: debian-security-tracker@lists.debian.org
Subject: Re: Spurious CVE ID reported as open on Cherokee - NFU?
From: Raphael Geissert <geissert@debian.org>
Date: Fri, 15 Jan 2010 18:21:46 -0600
Message-id: <[🔎] hir0ql$un$1@ger.gmane.org>
References: <[🔎] 20100115232053.GB28356@gwolf.org>

Gunnar Wolf wrote:

> Hi,
> 
> The PTS reports there is a CVE open for Cherokee (CVE-2009-4587). This
> bug, however, seems to affect only Windows installs. FWIW there is
> even a note on the CVE report¹ stating it is a lack of validation bug,
> but I understand it cannot be used to crash the server in Debian.
> 
> Anyway, I have not dealt with CVE reports against my packages before,
> and don't know how to close this report.
> 

FTR, I talked via IRC with Gunnar. Upstream will be contacted to help 
determine the real cause of the crash (AUX on MS-DOS is the serial port 
device).

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to:

References:
- Spurious CVE ID reported as open on Cherokee - NFU?
  - From: Gunnar Wolf <gwolf@gwolf.org>

Prev by Date: Re: No tracker page for DSA-1971-1
Next by Date: Re: No tracker page for DSA-1971-1
Previous by thread: Spurious CVE ID reported as open on Cherokee - NFU?
Next by thread: On the usefulness of the remote column
Index(es):
- Date
- Thread