@anantshri @SushiDude @kurtseifried @wireghoul @CodeVigilant if you have influence, can future advisories indicate stored vs reflected?
Replying to @attritionorg
@CodeVigilant also, plugins may inherit vulns from 3rd-party components (magpie?) which need more investigation @anantshri @attritionorg
Replying to @SushiDude
I agree @SushiDude that we have started some checks at our end and next set will take care of it. @anantshri @attritionorg
Replying to @CodeVigilant
@SushiDude @attritionorg There is a section http://codevigilant.com/category/a9-using-components-with-known-vulnerabilities/ … to deal with such disclosures specifically @anantshri
Replying to @CodeVigilant
.@CodeVigilant in CVE, @OSVDB, etc. we use an ID for the vuln component, not mult IDs for each product using it @attritionorg @anantshri
Replying to @SushiDude
@SushiDude agreed, that's why all entries in A9 will list prior CVE assignment, update already in process @anantshri @OSVDB @attritionorg
Replying to @CodeVigilant
@CodeVigilant @SushiDude @anantshri @OSVDB depending on how you ask for assignment, CVE can issue a new one for old issue w/o realizing
Replying to @attritionorg
@attritionorg got the point, intent from start was not to ask for CVE in A9 issues, but report & catalog it @CodeVigilant @SushiDude @OSVDB
Replying to @anantshri
@attritionorg if there is an erroneous CVE request we will make sure an update email is sent to cve. @CodeVigilant @SushiDude @OSVDB
Replying to @anantshri
.@anantshri @attritionorg @CodeVigilant @OSVDB more interesting are the non-A9 that suggest 3rd party component; will cover in email later
@SushiDude @anantshri @CodeVigilant @OSVDB cc me! we have a list of 'to figure out' re: 3rd-party component