PGP key for vulnerability reports

Mark Doliner mark at kingant.net
Thu Jan 23 18:27:22 EST 2014


On Thu, Jan 23, 2014 at 1:54 PM, Tomas Hoger <thoger at redhat.com> wrote:
> On Thu, 23 Jan 2014 10:15:56 +0100 Tomas Hoger wrote:
>
>> > I believe it should ideally be:
>> > CVE-2013-6486 - Yves Younan of Sourcefire VRT
>> > CVE-2013-6487 - Yves Younan, Ryan Pentney, and Pawel Janic of
>> > Sourcefire VRT
>>
>> Ah, I see there is more detail for these now than were available
>> before.

Ah, you're right, I failed to include that information in my original
request. Sorry!

> We reviewed this taking into an account the new info provided and
> decided to split the assignment as follows:
>
> CVE-2013-6487
> Buffer overflow in Gadu-Gadu HTTP parsing.
>
> CVE-2013-6489
> Buffer overflow in MXit emoticon parsing.
>
> CVE-2013-6490
> Buffer overflow in SIMPLE header parsing.
>
> Sorry for the mess this caused, hope it's still enough time to release
> to avoid having it too messy once it's public.

I think it won't be too bad. Thanks!


More information about the security mailing list