Re: Moving ahead
Let me just clarify that I meant candidates, not issues.
Further, those candidates which I have not commented on to date I
ACCEPT.
Adam
On Tue, Jun 15, 1999 at 09:58:43AM -0400, Adam Shostack wrote:
|
| We have disagreement on a few issues; I'll suggest that Steve put
| those forth one at a time for consideration. I'll also say that to do
| a proper review job, the list was too long; I didn't start it several
| times because I wanted to go through it in one go, and thus my
| response was delayed.
|
| In addition, I want to raise three more, now that I've finished
| looking into them.
|
| CAN-1999-0014 we have insufficient data if a new CDE dtappgather bug
| comes out to determine if it's new or a re-invention. (REJECT)
|
| CAN-1999-0032 the mention of (lp) is misleading. The problem was with
| the BSD lpr family, not the SYSV lp family. (MODIFY)
|
| CAN-1999-0099 the problem was demonstrated publicly through sendmail,
| there is no reason to expect it could not be used through another
| program. Suggest phrasing: "A buffer overflow in syslog which was
| demonstrably exploitable via sendmail." (MODIFY)
|