Re: Fwd: Incorrect CVE mappings in http://www.postgresql.org/support/security/ page - Mailing list pgsql-www

This was sent to pgsql-security, but there's no security issue as such,
so reposting to the list where people can fix it.

                        regards, tom lane

------- Forwarded Message

Date:    Fri, 28 Mar 2014 15:41:48 +0000
From:    "Christey, Steven M." <coley@mitre.org>
To:      "security@postgresql.org" <security@postgresql.org>
cc:      Assign a CVE Identifier <cve-assign@mitre.org>
Subject: [pgsql-security] Incorrect CVE mappings in
         http://www.postgresql.org/support/security/ page

Hello,

On your http://www.postgresql.org/support/security/ page, you have the entries for CVE-2014-0063 and CVE-2014-0064 switched.  That is, CVE-2014-0063 should be for the "Potential buffer overruns in datetime input/output," and CVE-2014-0064 should be for "Potential buffer overruns due to integer overflow in size calculations."

If you can fix this, it could reduce confusion by some people.  This might be the only page containing the erroneous mapping.  Other PostgreSQL pages, including the commits, associate CVE-2014-0063 with datetime and CVE-2014-0064 with the integer overflows.

Regards,
Steve Christey Coley
CVE assignment team, MITRE CVE Numbering Authority

------- End of Forwarded Message


--
Sent via pgsql-www mailing list (pgsql-www@postgresql.org)

To make changes to your subscription:

http://www.postgresql.org/mailpref/pgsql-www