@CodeVigilant also, plugins may inherit vulns from 3rd-party components (magpie?) which need more investigation @anantshri @attritionorg
-
-
Replying to @SushiDude
I agree
@SushiDude that we have started some checks at our end and next set will take care of it.@anantshri@attritionorg1 reply 0 retweets 0 likes -
Replying to @CodeVigilant
@SushiDude@attritionorg There is a section http://codevigilant.com/category/a9-using-components-with-known-vulnerabilities/ … to deal with such disclosures specifically@anantshri2 replies 0 retweets 0 likes -
Replying to @CodeVigilant
.
@CodeVigilant in CVE,@OSVDB, etc. we use an ID for the vuln component, not mult IDs for each product using it@attritionorg@anantshri1 reply 0 retweets 0 likes -
Replying to @SushiDude
@SushiDude agreed, That's why all entries in A9 will list prior CVE assignment, update already in process@anantshri@OSVDB@attritionorg1 reply 0 retweets 0 likes -
Replying to @CodeVigilant
@CodeVigilant@SushiDude@anantshri@OSVDB depending on how you ask for assignment, CVE can issue a new one for old issue w/o realizing1 reply 0 retweets 0 likes -
Replying to @attritionorg
@attritionorg got the point, intent from start was not to ask for CVE in A9 issues,but report & catalog it@CodeVigilant@SushiDude@OSVDB2 replies 0 retweets 0 likes -
Replying to @anantshri
@attritionorg if there is a erroronous CVE request we will make sure an update email is sent to cve.@CodeVigilant@SushiDude@OSVDB2 replies 0 retweets 0 likes -
Replying to @anantshri
.
@anantshri@attritionorg@CodeVigilant@OSVDB you could search cve web site for IDs for most of the A9 issues (a couple might not have one)1 reply 0 retweets 0 likes -
Replying to @SushiDude
@SushiDude Thanks will get this worked on ASAP@attritionorg@CodeVigilant@OSVDB2 replies 0 retweets 0 likes
@anantshri @SushiDude @CodeVigilant if you need help on base issue stuff, mail me. we track it as best we can on @OSVDB
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.