> Christian Fischer <[hidden email]> writes:
>> On Fri, 03 Aug 2018 14:42:16 +0200 [hidden email] (Ferenc Wágner) wrote:
>>> Unfortunately the CVE hasn't arrived yet; I'll
>>> forward it to you once it does. My acknowledgement mail is of
>>> subject "CVE Request 548000 for CVE ID Request" from
>>> [hidden email] (just for the record).
>> have you received a CVE for this issue yet? Tried to look around in
>> various sources but wasn't able to identify a published CVE for this
>> issue yet.
> I haven't received a CVE for this issue, unfortunately. My original
> request was deflected by Mitre saying that the Apache Software
> Foundation should issue this CVE. However, the Apache webpage states
> that they issue IDs for undisclosed vulnerabilities only. My three
> follow-up mails asking for clarification remained unanswered by Mitre.
> To add more bad news, according to http://santuario.apache.org/ the just
> released 2.0.2 fixes a very similar bug, which might mean another DoS; I
> couldn't investigate yet. But if it does, we'll need yet another CVE
> for that. I'm sending out some queries.
> On 2018-11-06 14:43, [hidden email] wrote:
>> Dear Security Team, please consider yourselves notified and please
> [hidden email] is *not* a contact point for the
> Security Team, it's a public discussion list.