@SushiDude What's the currently estimated total CVE numbers for 2014? #didCVEbreak10Kyet
@anantshri @SushiDude @kurtseifried @wireghoul @CodeVigilant if you have influence, can future advisories indicate stored vs reflected?
@CodeVigilant also, plugins may inherit vulns from 3rd-party components (magpie?) which need more investigation @anantshri @attritionorg
I agree @SushiDude that we have started some checks at our end and next set will take care of it. @anantshri @attritionorg
@SushiDude @attritionorg There is a section http://codevigilant.com/category/a9-using-components-with-known-vulnerabilities/ … to deal with such disclosures specifically @anantshri
.@CodeVigilant in CVE, @OSVDB, etc. we use an ID for the vuln component, not mult IDs for each product using it @attritionorg @anantshri
@SushiDude agreed, That's why all entries in A9 will list prior CVE assignment, update already in process @anantshri @OSVDB @attritionorg
@CodeVigilant @SushiDude @anantshri @OSVDB depending on how you ask for assignment, CVE can issue a new one for old issue w/o realizing
@attritionorg got the point, intent from start was not to ask for CVE in A9 issues, but report & catalog it @CodeVigilant @SushiDude @OSVDB
@anantshri @CodeVigilant @SushiDude @OSVDB excellent. if you share details, CVE can weed those out faster than researchers usually
@attritionorg @SushiDude @kurtseifried @wireghoul @CodeVigilant That can be rectified. I will make sure next set for XSS has this detail too.
@anantshri @SushiDude @kurtseifried @wireghoul @CodeVigilant excellent thanks!
@attritionorg @anantshri @SushiDude @wireghoul @CodeVigilant Red Hat Bugzilla has details like that, beyond that I have no control
@kurtseifried that was directed to the CodeVigilant side.