oss-security September 2010 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE Request: mailman

Re: [oss-security] CVE Request: mailman

From: Steven M. Christey <coley_at_nospam>
Date: Mon Sep 13 2010 - 21:34:24 GMT
To: Josh Bressers <bressers@redhat.com>

In this case, all else being equal, lowest ID wins.

We will never be perfect due to the lack of sufficient details (or, way
too many details), but where possible I prefer to follow the consistency
rules when we can, especially when they're pretty clear-cut like this.

It happens :-)

In this case, the abstraction issue was discovered quickly, so I'm OK with
fixing the abstraction after the fact.

Let's stick with CVE-2010-3089, and I'll flag CVE-2010-3090 for rejection.

- Steve

On Mon, 13 Sep 2010, Josh Bressers wrote:

> ----- "Steven M. Christey" <coley@linus.mitre.org> wrote:
>> Josh,
>> Was there a particular reason to split these into separate CVEs? A quick
>> glance suggests they affect the same version, and since they're the same
>> type, would normally argue for a merge.
> I have no idea why I did that now that I look at the bugs. I'm sorry.
> I'll let you pick which ID to use (do you have a policy for this? lowest
> ID?)
> Thanks.
> --
> JB