oss-sec mailing list archives
RE: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
From: "Christey, Steven M." <coley () mitre org>
Date: Wed, 20 Mar 2013 14:03:10 +0000
I agree that oss-security is not just for CVE requests (although that's what it feels like sometimes), but duplicate CVEs are a pain for everybody. When posting to oss-security, it's reasonable to say whether CVEs have already been requested or not. There is not a well-established infrastructure or communication channel to closely coordinate CVE assignments between MITRE and Kurt. - Steve
-----Original Message----- From: Reed Loden [mailto:reed () reedloden com] Sent: Wednesday, March 20, 2013 5:19 AM To: oss-security () lists openwall com Cc: kseifried () redhat com; Henri Salo; larry0 () me com; Christey, Steven M. Subject: Re: [oss-security] Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 20 Mar 2013 03:04:30 -0600 Kurt Seifried <kseifried () redhat com> wrote:Please don't send requests to oss-sec if you already sent a request to Mitre/anyone else. Also I don't seem to have these in my emails from Mitre (to VIM list or anywhere else)?To be fair, this list isn't just for CVE requests... It's for security issues in open source software[0]. As somebody who relies on this list and others like it to stay on top of current issues, I definitely appreciate the notification, even if CVEs have already been assigned. :) ~reed [0] http://oss-security.openwall.org/wiki/mailing-lists/oss-security -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAlFJfwsACgkQa6IiJvPDPVqSigCfYT4IEI9+DgyaE3UyPCne1/Vb RpkAnAmNO0ivQgqqVQuI6CERrAJULa6L =MCHH -----END PGP SIGNATURE-----
Current thread:
- Ruby CVEs Kurt Seifried (Mar 19)
- Re: Ruby CVEs Henri Salo (Mar 19)
- Re: Ruby CVEs Kurt Seifried (Mar 19)
- Re: Ruby CVEs Kurt Seifried (Mar 20)
- Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Kurt Seifried (Mar 20)
- Re: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Reed Loden (Mar 20)
- RE: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M. (Mar 20)
- RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M. (Mar 20)
- Re: RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs larry Cashdollar (Mar 20)
- Re: Ruby CVEs Solar Designer (Mar 20)
- RE: Ruby CVEs Christey, Steven M. (Mar 21)
- Re: Ruby CVEs Henri Salo (Mar 21)
- Re: Ruby CVEs Henri Salo (Mar 19)
- Re: Ruby CVEs Henri Salo (Mar 20)