[tcpdump-workers] Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?

Michal Sekletar msekleta at redhat.com
Tue Nov 25 12:43:03 EST 2014


On Tue, Nov 25, 2014 at 03:43:21PM +0100, Michal Sekletar wrote:
> On Tue, Nov 25, 2014 at 09:52:59AM +0100, Romain Francoise wrote:
> > On Mon, Nov 24, 2014 at 11:26:06AM -0800, Michal Zalewski wrote:
> > > I didn't request one, but probably. RH or Debian folks can likely just
> > > assign one from their pools.
> > 
> > I can ask the Debian security team to assign one, or we can ask
> > cve-assign at mitre directly. Or perhaps the other Michal can get one via
> > internal Red Hat channels?
> 
> I will contact Red Hat SRT to look into that.

I got a response from a member of Red Hat's SRT stating that since the issue was
already reported publicly they can not assign CVE number. If we want to request
CVE number we should either write to oss-security list or ask MITRE directly.

Michal

> 
> Michal
> 
> > 
> > -- 
> > Romain Francoise <rfrancoise at debian.org>
> > http://people.debian.org/~rfrancoise/
> _______________________________________________
> tcpdump-workers mailing list
> tcpdump-workers at lists.tcpdump.org
> https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


More information about the tcpdump-workers mailing list