PGP key for vulnerability reports

Richard Johnson rjohnson at sourcefire.com
Thu Jan 23 18:37:47 EST 2014


Looks gear from my side, thanks guys

On Thursday, January 23, 2014, Mark Doliner <mark at kingant.net> wrote:

> On Thu, Jan 23, 2014 at 1:54 PM, Tomas Hoger <thoger at redhat.com<javascript:;>>
> wrote:
> > On Thu, 23 Jan 2014 10:15:56 +0100 Tomas Hoger wrote:
> >
> >> > I believe it should ideally be:
> >> > CVE-2013-6486 - Yves Younan of Sourcefire VRT
> >> > CVE-2013-6487 - Yves Younan, Ryan Pentney, and Pawel Janic of
> >> > Sourcefire VRT
> >>
> >> Ah, I see there is more detail for these now than were available
> >> before.
>
> Ah, you're right, I failed to include that information in my original
> request. Sorry!
>
> > We reviewed this taking into an account the new info provided and
> > decided to split the assignment as follows:
> >
> > CVE-2013-6487
> > Buffer overflow in Gadu-Gadu HTTP parsing.
> >
> > CVE-2013-6489
> > Buffer overflow in MXit emoticon parsing.
> >
> > CVE-2013-6490
> > Buffer overflow in SIMPLE header parsing.
> >
> > Sorry for the mess this caused, hope it's still enough time to release
> > to avoid having it too messy once it's public.
>
> I think it won't be too bad. Thanks!
>


-- 
Richard Johnson
Sourcefire VRT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140123/d72f0b62/attachment.html>


More information about the security mailing list