On Fri, 11 Mar 2011 17:16:20 -0500 Michael Gilbert wrote:

> On Fri, 11 Mar 2011 18:36:38 +0100 Francesco Poli wrote:
>
> > Hi all,
> > everything seems to be OK with the DSA-2189-1 [1] tracker page [2] and
> > its associated CVE numbers.
> > Some CVE numbers were apparently assigned after the release of the DSA.
> > I seem to be able to map the CVE-less vulnerabilities to the CVE
> > numbers mentioned in the tracker [2], except for the first two:
>
> If you can specify which issues these are, and if you've checked the
> source to confirm, we can make these updates.

No, no, there was apparently a misunderstanding.
I was unclear, sorry.

What I meant is that some CVE numbers are not mentioned in the DSA, but
have already been recorded in the tracker as fixed by the DSA itself.
When I saw these additional CVE numbers on the tracker, I thought that
they could be some of the CVE-less vulnerabilities mentioned in the DSA
(which were in the meanwhile assigned a CVE id).
By reading the CVE descriptions, I managed to map the additional CVE
numbers to the CVE-less issues, but two seem to be still missing.

I hope it's clearer, now.

> >
> > Out-of-bounds read in text searching [69640]
> > Memory corruption in SVG fonts. [72134]
> >
> > Are these two still CVE-less?
> > If so, I cannot find any corresponding TEMP entry in the tracker [3].
> > Where are they? Should they be added to the tracker?
>
> We won't necessarily enter cve-less issues in the tracker. However,
> once these do get assigned ids we will make sure they get recorded as
> fixed in this dsa.

Perfect, that's all I wanted to know.

Bye.

--
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE