Re: [oss-security] CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android

2015-11-23 Thread Mark Cox
Unfortunately Red Hat made a mistake with the kernel issue which was actually a typo (last two digit transposition). Mitre have chosen to keep the CVE for the kernel issue as CVE-2015-5257 because it is more widely used. They have allocated CVE-2015-8320 for the Cordova issue. Please update the

Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android

2015-11-23 Thread cve-assign
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >> CVE-2015-5257: Weak Randomization of BridgeSecret for Apache Cordova Android > Is there a typo here? CVE-2015-5257 was already assigned for an issue > in drivers/usb/serial/whiteheat.c in the Linux kernel. see > https://cve.mi

Re: [oss-security] CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android

2015-11-22 Thread Salvatore Bonaccorso
Hi, Adding MITRE team to recipients. On Fri, Nov 20, 2015 at 11:39:56AM -0800, Joe Bowser wrote: > === > CVE-2015-5257: Weak Randomization of BridgeSecret for Apache Cordova Android Is there a typo here? CVE-2015-5257 was a

CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android

2015-11-20 Thread Joe Bowser
=== CVE-2015-5257: Weak Randomization of BridgeSecret for Apache Cordova Android Severity: Low Vendor: The Apache Software Foundation Versions Affected: Cordova Android versions up to and including 3.6.4 Description: Cordova uses