| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Aug 2011 16:19:31 +0300 From: Georgi Guninski <guninski@...inski.com> To: Valdis.Kletnieks@...edu Cc: full-disclosure@...ts.grok.org.uk, Mark J Cox <mjc@...che.org> Subject: Re: Apache Killer On Thu, Aug 25, 2011 at 03:52:00PM -0400, Valdis.Kletnieks@...edu wrote: > On Thu, 25 Aug 2011 21:35:04 +0300, Georgi Guninski said: > > On Wed, Aug 24, 2011 at 10:45:53AM +0100, Mark J Cox wrote: > > > Use CVE-2011-3192. > > > > why the fuck use this shit? > > So that when two different people issue advisories about it, if they both say > CVE-2011-3192, we know it's the same issue. Otherwise if you got some people > writing about Kingcope's hole with gzip and others writing about Zalewski's > hole with Range: it's hard to tell if they're really the same issue or not. > ok, there might be some sense in using canonical names, but why chose possibly the worst service available? from their front page: "CVE®" - remember, remember what happened with the securityfocus/bugtraq exploit DB? btw, all the shitty id that should be "used" says: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists