Thijs Kinkhorst
2007-Oct-02 11:42 UTC
[Secure-testing-team] GForge: CVE-2007-4966 and CVE-2007-3913
Hi,

CVE-2007-4966 has been marked as a duplicate of CVE-2007-3913 in the tracker, and I think rightly so. Has anyone tried to "exploit" of 4966 on a fixed version of Gforge just to be sure?

Has anyone contacted Mitre about this duplication?

Thijs
Roland Mas
2007-Oct-02 12:12 UTC
[Secure-testing-team] GForge: CVE-2007-4966 and CVE-2007-3913
Thijs Kinkhorst, 2007-10-02 13:42:58 +0200 :

> Hi,
>
> CVE-2007-4966 has been marked as a duplicate of CVE-2007-3913 in the
> tracker, and I think rightly so.

Correct.

> Has anyone tried to "exploit" of 4966 on a fixed version of Gforge
> just to be sure?

Since the behaviour described is the very same as the one in 3913, I guess testing for the latter also implies testing for the former. So, yes.

> Has anyone contacted Mitre about this duplication?

I haven't.

Roland.
--
Roland Mas

Time is a drug. Too much of it kills you.
  -- in Small Gods (Terry Pratchett)
Nico Golde
2007-Oct-02 12:39 UTC
[Secure-testing-team] GForge: CVE-2007-4966 and CVE-2007-3913
Hi Thijs,

* Thijs Kinkhorst <thijs at debian.org> [2007-10-02 13:45]:

> CVE-2007-4966 has been marked as a duplicate of CVE-2007-3913 in the
> tracker, and I think rightly so. Has anyone tried to "exploit" of 4966 on
> a fixed version of Gforge just to be sure?

Yes, I did this when marking it as duplicate to back up my NOTE.

> Has anyone contacted Mitre about this duplication?

Done now.

Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.