Re: squirrelmail CVE-2020-14933



On Fri, October 15, 2021 14:37, Paul Lesniewski wrote:

> This was on my radar, but given your situation, I went ahead and contacted
> both NIST and MITRE just now.  If you have the FreeBSD maintainer's
> contact info, I can work with that person too, but I don't understand what
> you need from that person?  Maybe you want them to invalidate/reject the
> ticket on their bug tracker?

From what I can gather from the NIST website, each issuer of a version of the
software, in other words the packaged version (apt, yum, rpm, pkg, etc.) can
individually notify the NIST, via email, that their version/package does not
have the vulnerability.  This is additional to the development team.

I speculate that this practice allows distribution specific patches to be
recorded against the CVE that are created before the upstream developers

I looked up the details of the person who wrote the message to openwall and
their github account.  They have/had a fork of SM on github that they claimed
to patch to deal with security issues.  In the message used to originate this
CVE they claimed to have contacted you directly respecting this matter before
they posted on openwall.

Thanks for your attention to this.  I appreciate it very much.

***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

squirrelmail-users mailing list