Hello, On Wed 10 Apr 2024 at 10:07pm +07, Max Nikulin wrote:
> On 10/04/2024 21:17, Salvatore Bonaccorso wrote: >> On Wed, Apr 10, 2024 at 12:04:06PM +0000, Ihor Radchenko wrote: >>> >>> Yes, CVE-2024-30203 title is superfluous. >>> And CVE-2024-30204 title is not accurate - it only applies to >>> certain attachments with specific (text/x-org) mime type. > [...] >> If you think the CVE assignment is not valid, then you might ask for a >> REJECT on https://cveform.mitre.org/ . > > Do 2 CVE numbers make sense to track fixes in Emacs and Org mode? Various > versions of Org mode may be loaded to different versions of Emacs and both > parties must have fixes to avoid the issue. My understanding is that one CVE for the same vulnerability in multiple code bases is normal. -- Sean Whitton
signature.asc
Description: PGP signature
