Created on 2018-10-18.00:06:35 by ced, last changed 24 months ago by ced.
> Cédric Krier <firstname.lastname@example.org> added the comment: > > As we can not get CVE number on time, I propose to stop caring about CVE > numbers. Our issue number is already a unique identifier for the issue. My information from the security team: Everyone can request one for public issues https://cveform.mitre.org -> "Select a request type" -> "Request a CVE ID" They're usually quick to reply, rarely more than a day.
As we can not get CVE number on time, I propose to stop caring about CVE numbers. Our issue number is already a unique identifier for the issue.
CVE-2018-19443 was assigned directly from MITRE by request from Debian for https://discuss.tryton.org/t/security-release-for-issue7792/830 https://bugs.tryton.org/issue7792 Please update the advisories accordingly.
I wrote the news: https://discuss.tryton.org/t/security-release-for-issue7792/830
I requested to https://distributedweaknessfiling.org/, I got few exchange but I still have no number. I think we should not wait longer for that. (We can still add the number to the news later). I propose to make the security release on Wednesday 31 October.
I sent a request for a number.
I propose to get a CVE number for this one.
Could you include us as reviewers? I can not see the review as it's marked as private
Here is review54401002
The bus is started before a connection is set so the ssl property returns always false. So the Bus always try to connect without SSL. For me, it is a security issue because the session is passed in clear on the network.
|2018-11-23 14:49:36||ced||set||status: chatting -> resolved|
|2018-11-23 14:20:07||yangoon||set||status: resolved -> chatting|
messages: + msg44990
|2018-11-23 13:54:41||ced||set||status: chatting -> resolved|
messages: + msg44989
|2018-11-23 13:41:28||yangoon||set||status: resolved -> chatting|
messages: + msg44988
|2018-10-31 08:41:28||ced||set||status: testing -> resolved|
messages: + msg44662
|2018-10-27 10:43:57||ced||set||messages: + msg44627|
|2018-10-27 10:04:50||ced||set||messages: + msg44626|
|2018-10-24 18:37:43||ced||set||messages: + msg44557|
|2018-10-23 18:40:01||ced||set||messages: + msg44536|
|2018-10-18 09:20:51||ced||set||messages: + msg44447|
Showing 10 items. Show all history (warning: this could be VERY long)