|Main Archive Page > Month Archives > oss-security archives|
On Tue, 18 May 2010, Josh Bressers wrote:
>> # [Sec] Only use forum id supplied for posting if global announcement
>> detected. (Reported by nickvergessen)
> I don't understand what this means. Do you have more information?
I don't know what it means either. Another part of daily life in CVE.
However, the announcement comes from the vendor so we will ultimately call
it an unspecified vuln with unknown impact and attack vectors related to
"forum id" and "global announcement" or some equally useless description.
So this could use a CVE, too. At worst it's a signal to consumers that
they need to patch, even if the developer isn't clearly explaining why.
Not much different than your typical Linux kernel bug, actually :-/