Comment 6 for bug 2071574

Luci Stanescu (lucistanescu) wrote:

Hi,

As confirmed with Matthew Hagemann earlier, please use CVE-2024-6714 to refer to this vulnerability, including in any private commit messages or release notes.

Additionally, we have assigned a CVSS of 8.8 (high) for this, with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Please let us know if you consider this incorrect.

Would I be right in thinking that the patch is going to land in the archive for both noble and oracular?

Finally, could you please give us a 48-72 hour heads-up before release, so that we can publish CVE details when the update lands?

Thank you!

Edited on 2024-07-19: refer to CVE-2024-6714, previously said CVE-2024-6713, which is incorrect.