oss-sec mailing list archives
Re: Strange CVE situation (at least one ID should come of this)
From: cve-assign () mitre org
Date: Fri, 2 Nov 2012 14:49:54 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
So if someone publishes an advisory stating "I have found a number of security flaws in product X." Would that get the same sort of CVE ID?
CVE assignment at MITRE attempts to distinguish between "disclosures" and "rumors" although admittedly this is not 100% successful. In the specific case you mentioned, if there's no maintainer relationship between "I" and "product X" and no other available context, then no CVE is assigned. More generally, there are various cases in which exactly the same statement would have a different CVE assignment decision depending on whether the statement came from a vendor or other software maintainer. This has been mentioned here before; for example, see http://openwall.com/lists/oss-security/2011/12/30/4 - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iQEcBAEBAgAGBQJQlBRTAAoJEGvefgSNfHMdKAwH/icGoCMaheqgi4cQG4XsChlb EaRDQLeN9XhaBp1pk7G+rnKaBNUBf25cVKKkTl8eJ/Y7zkP7eCU8G4aW5tjSBapw wNRErtss6mGQjOUt0QtWw9RmbMPR/u9r3ulQvsi1Py2Zp9XSjloiAUrXcgumjdmQ C/1SLGLRLNXPWOzhQvl8uPWCZLgoqhFX46/Knf61UX+Z62hwD7USDfE47MHdSj4b C4SecVWSAUwWnlfSr94cV9bRWUdZ0JvR2+KtjytKA4wTXjeZXsi7FPvnY0TBCmU8 lE2gGZEzgzLbDcQqZU2Pk+WiH0jDSp8DmtxhCN/zV9ZvZAyaoBwE9BePBIofo0Q= =3WP8 -----END PGP SIGNATURE-----
Current thread:
- Re: Strange CVE situation (at least one ID should come of this), (continued)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Seth Arnold (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Henri Salo (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
- Re: [security] [oss-security] Strange CVE situation (at least one ID should come of this) Greg Knaddison (Oct 31)
- Re: Strange CVE situation (at least one ID should come of this) Seth Arnold (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 31)
- Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Nov 02)
- Re: Strange CVE situation (at least one ID should come of this) cve-assign (Nov 02)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)