* Steven M. Christey <co...@linus.mitre.org> [2009-07-01 13:43]:
> On Mon, 22 Jun 2009, Nico Golde wrote:
> > I'm not sure if this should get a new CVE id but the versions in the CVE id
> > description should be adjusted and the upstream patch revised.
> This looks like even though there was a source code modification, the
> previous issue was not fixed at all.  That is, any attack that would have
> worked before the fix, will still work after the fix.
> However, Fedora FEDORA-2009-3383 at least claims a fix for CVE-2009-0840,
> so a new CVE is probably in order to "signal" to admins that they have
> another issue to handle.
> Use CVE-2009-2281 for the "new" issue.  What versions are affected by
> this?

Should be every currently available release, I'm currently 
working with upstream on a better fix.

Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp578npxfHrT.pgp
Description: PGP signature

Pkg-grass-devel mailing list

Reply via email to