[VIM] CVE-2013-0332 / CVE-2013-0232 (Zoneminder) mapping errors
Kurt Seifried
kseifried at redhat.com
Wed Mar 20 13:54:23 CDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/20/2013 11:34 AM, security curmudgeon wrote:
>
> On Wed, 20 Mar 2013, Christey, Steven M. wrote:
>
> : Apparently some sources, including Exploit-DB and OSVDB, are
> using : incorrect CVEs for Zoneminder issues. : : Whether this was
> a typo somewhere I don't know.
>
> We got the CVE from EDB, which appeared to typo it. Since CVE was
> not open, we could not verify the assignment ourselves. This was
> two months ago, and the CVEs are just now open today =)
Steven: it might be worth revisiting the "URL only" CVEs I had
suggested some time ago, e.g. put up CVE entries with just a
CVE/URL(s) (e.g. the oss-sec posting and any relevant urls mentioned
like the source code fix/advisory/etc.). This would prevent this kind
of error and give people something to at least confirm the CVE/etc.
exists and is correct.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iQIcBAEBAgAGBQJRSgXfAAoJEBYNRVNeJnmT5kIP/jAaeXK2e8w2WbEug0H0O34k
JGeEAxvPOsGeLIUjo8j/7U5q1m68ZX3zF826zyYHsS2AFaYqf3F8NA9mpz0ec+Ae
h9uddMCtAO+ha79+lMdrPd73QFTO2u+h8jQQodF2YEy/p91l5hJLaVpEOOL40mgt
eU1mP+DjE6XKKq/cSI4lYtkMBUoew6SBjTa+/clFyShXIUlJ3Q0ZTonG8CkfZOss
UWdNvh05RED0gi9ZGXVOGF5IPnMJeXBWWQeLtJuoIDTsvn2THLX1MSIia3DJ1Tnp
+lPHAUhgwBv5C5QhKa3z1y9ymwbobcJh15QM/FgjAVbqVU6IusjRALzolhoTSNvm
CFaMzGuupscwl5dzoe31iDfdCvOTt9LeN2KgctKTxaf87D1UM2i4ncSeRhUow+IN
n5fUlwBFyxKnP7MozoJDURwvDapOxm5Q1/NxH9kjRRbNQ4p8oVwlNdcocFHMH2Xg
cRLd945tmR6D7xlSRKqKV6oCSGR+Jk/9pS3IpZ2tLHyW4lcoZ7PD3K4A/RFQCKk9
I9LTZRRbNN9SHsbMNDoYh4g1WawO0bTcc+Is9JgFz4azD21kToq+ZtLKDA3qTU5e
kGaNNjEdyaFMYDFxXVFv7j6Vc2KITvgNmUiPPNmAFGwZsTA9qa3r6AVIF8f2KfLw
jKhanJJAdhiIg/RHy3RH
=swtX
-----END PGP SIGNATURE-----
More information about the VIM
mailing list