oss-sec mailing list archives
Re: CVE Requests
From: Eugene Teo <eugene () redhat com>
Date: Mon, 19 Mar 2012 09:44:37 +0800
On 03/17/2012 12:11 AM, Mark Stanislav wrote:
All points being made are very much valid and I certainly understand how contextually oss-sec may be used to allocation requests under different circumstances. So here's my situation, I'm up for suggestions (of which, "wait longer", is perfectly viable!)... 1) March 1st, I sent 2 of these CVEs over to Steve Christy at MITRE who had previously allocated 9 prior CVEs in a day or two generally
[...] I think the problem is simple. Mark, if the patch is released, that means it's public even if the details are not publicly discussed. Provide the patch information (hash, link to the patch, etc), and we will assign CVE names. No one will be confused if there are duplicate names assigned to them. If you are not comfortable talking about these issues in public, sure, use http://oss-security.openwall.org/wiki/mailing-lists/distros. And we will follow-up from there. Keep Steve and/or MITRE cc'ed. No one wants to make things difficult for you. If everyone does their part, names will be allocated very quickly. Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Current thread:
- Re: CVE Requests, (continued)
- Re: CVE Requests Kurt Seifried (Mar 16)
- Re: CVE Requests Mark Stanislav (Mar 16)
- Re: CVE Requests Kurt Seifried (Mar 16)
- Re: CVE Requests Andreas Ericsson (Mar 16)
- Re: CVE Requests Adam D. Barratt (Mar 16)
- Re: CVE Requests Mark Stanislav (Mar 16)
- Re: CVE Requests Tim Brown (Mar 16)
- Re: CVE Requests Mark Stanislav (Mar 16)
- Re: CVE Requests Kurt Seifried (Mar 16)
- Re: CVE Requests Tim Brown (Mar 16)
- Re: CVE Requests Eugene Teo (Mar 18)
- Re: CVE Requests Kurt Seifried (Mar 16)
- Re: CVE Requests Andreas Ericsson (Mar 19)