|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Moving ahead
- To: cve-review@linus.mitre.org
- Subject: Moving ahead
- From: Adam Shostack <adam@netect.com>
- Date: Tue, 15 Jun 1999 09:58:43 -0400
- In-Reply-To: <199906141806.OAA15019@basie.mitre.org>; from Steven M. Christey on Mon, Jun 14, 1999 at 02:06:29PM -0400
- References: <199906141806.OAA15019@basie.mitre.org>
- Reply-To: adam@netect.com
We have disagreement on a few issues; I'll suggest that Steve put those forth one at a time for consideration. I'll also say that to do a proper review job, the list was too long; I didn't start it several times because I wanted to go through it in one go, and thus my response was delayed. In addition, I want to raise three more, now that I've finished looking into them. CAN-1999-0014 we have insufficient data if a new CDE dtappgather bug comes out to determine if its new or a re-invention. (REJECT) CAN-1999-0032 the mention of (lp) is misleading. The problem was with the BSD lpr family, not the SYSV lp family. (MODIFY) CAN-1999-0099 the problem was demonstrated publicly through sendmail, there is no reason to expect it could not be used through another program. Suggest phrasing: "A buffer overflow in syslog which was demonstrably exploitable via sendmail." (MODIFY)
- Follow-Ups:
- Re: Moving ahead
- From: Adam Shostack <adam@netect.com>
- Re: Moving ahead
- References:
- Phases of Candidate Acceptance
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Phases of Candidate Acceptance
- Prev by Date: Phases of Candidate Acceptance
- Next by Date: Re: Moving ahead
- Prev by thread: Phases of Candidate Acceptance
- Next by thread: Re: Moving ahead
- Index(es):