oss-sec mailing list archives
Re: CVE request: piwik before 1.6
From: Anthon Pang <anthon.pang () gmail com>
Date: Wed, 19 Oct 2011 18:07:34 -0400
AFAIK there's been no official change in disclosure policy by the Piwik project. Advisories are separate from the release notes/changelog and are typically published within a week of release. That said, I expect this will take longer than usual given the number of vulnerabilities addressed in this release.

Sent from my iPhone

On 2011-10-19, at 12:58 PM, "Steven M. Christey" <coley () rcf-smtp mitre org> wrote:

> On Wed, 19 Oct 2011, Hanno Böck wrote:
>
>> Regarding CVEs, I suggest adding one for every name, e.g. "Unknown security vulnerability in piwik before 1.6 discovered by Alexandru Pitis" etc., until we know more about it.
>
> This is consistent with current practice, where we assign separate CVEs for issues found by different researchers. With the (limited) knowledge that's available right now, all the vulns are the same type, i.e., "unspecified."
>
> - Steve