oss-sec mailing list archives
Re: CVE request: pyxtrlock
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 15 Oct 2013 12:45:26 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/15/2013 12:19 PM, Leon Weber wrote:
On 15.10.2013 12:04:43, Kurt Seifried wrote:On 10/15/2013 07:14 AM, Leon Weber wrote:Do you think this isn't CVE worthy, or was the request just lost between other work? :-)Sorry, meant to reply, forgot. This was the one where I was wondering how many people us it. Debian doesn't ship it, nor does Red Hat, Fedora. When I searched it in Google it tries to correct me to "xtrlock", and for the term I get 644 results, so I'm thinking this falls into the "not enough people use it to make a CVE worthwhile" category, is that correct, or is there a large user pool/other factors I'm unaware of?No other factors, I think. We have received feedback and bug reports once in a while from a couple of people, so my best guess from that is a userbase of 10-100 people; but I can't really tell. Thanks for the reply, though. I simply wasn't sure if project size matters for CVE worthiness :-) -- Leon.
Honestly I don't know what the rule is, 10? 100? 1000? 10000? 65536? Also I assume it would depend on impact, e.g. a remote code execution flaw in a low use product, but one that is critical to the internet/specific industry would maybe be seen as CVE worthy since it helps get people on fixing these things. Mitre: any hints? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSXY1FAAoJEBYNRVNeJnmT2ocQAJyJ1hi8s/TBv104D83TYScH rx0lPWu2NaUONIZxddwkxo7omykjIJsK7+JHBjns2qb9V1Y6WXSqU+Qux0AJQR8P rPnohnqDuVFcGa1ASbUVjFqdQaFGuI32otsoZSkyFvawaNNQ5gF/tbcWg820A4VP BMNkuEJcq8ZBoM0Aa3rQorIKas5eM5HMk4CXjJHt1OHs6yOS05jB5esQc2O2298L ofkzuNYazeUGS+OAFHRm4fTJdfQFF3spUfc/TI50Tm/TEB+xgG/WxX6V8uBU+uiL 9fe0C27EvXec3ItZW2ELc/FAx+pGOLSP29wyvrObUdbdThSmUBgzNzH4JSER8fyA HKSqLlkJrj2snyZX2vuRpz7VHd0dlNanjRQra5ksGppq21sqZrhSszKpAcopDd0+ DqpbAC+QUjMd4UIkdtVnsHgsG6vxR/a5KPTvGpRaegGvsycu2T6ZFe/M4vXlqyK4 nhpAICFjCRlRJOAOox439KIegBlqgVdTkk3qbVHL4m/WAcQmGdKfvnqHPkLWD+L2 fwW8B3UObTY3Wkg+wDGhfp74eLwCJW737eoiiswaaHBfOygPTsAVF+m7wcziHYaO pJ8cK50C4fH/Lnx0dl/rBqumQTnGBa6ji4OOgetWBdUI3mWEPKFW2frz7YMpKNtt /j2/hKTJRGkwzNmtLyEc =MRYP -----END PGP SIGNATURE-----
Current thread:
- Re: CVE request: pyxtrlock Leon Weber (Oct 15)
- Re: CVE request: pyxtrlock Kurt Seifried (Oct 15)
- Re: CVE request: pyxtrlock Leon Weber (Oct 15)
- Re: CVE request: pyxtrlock Kurt Seifried (Oct 15)
- Re: CVE request: pyxtrlock cve-assign (Oct 15)
- Re: Re: CVE request: pyxtrlock Kurt Seifried (Oct 15)
- Re: CVE request: pyxtrlock Leon Weber (Oct 15)
- Re: CVE request: pyxtrlock Kurt Seifried (Oct 15)