oss-sec mailing list archives
Re: CVE request for OpenStack Compute (nova)
From: cve-assign () mitre org
Date: Wed, 25 Mar 2015 03:13:40 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At this point, it seems best to define the affected releases for CVE-2015-2687 to include Icehouse and Juno, in addition to Havana. There is at least one person (hfamily15) who believes it is a vulnerability within all of these releases, and nobody has indicated that it must not be considered a vulnerability within any of these releases. This means that the http://openwall.com/lists/oss-security/2015/03/24/10 text starting with "It is conceivable that" is no longer applicable. The CVE project is not attempting to suggest that the existence of a CVE ID associated with a supported release means that an OSSA is required.
Of the many reports we initially receive as potential vulnerabilities, only a fraction actually end in an advisory
Similarly, there's obviously no obligation to send a notification to oss-security whenever a potential vulnerability has been evaluated. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVEl+mAAoJEKllVAevmvmseZEH/2lDzJcTCXE0jPoT3mL+ytLE 7idFQK32HepABqgS/y2GfdI+xlOUHylfAWYgk8AslSbv1OvhGgwwyz64JKiRu7ZW MKFALlVqLVeWaQNepn2JS0mS+g2OaWUDI2zQB62FzB6MobC2Z9R3lyCdtwQUaNUt ywbRyCSR4rY2e1pu+WmACQbGevwNC4OQh5oQTaLB0rvivYrK8j4fb+s7uMxLsxKM fLkkIIIu7DGmgj+Zupzay/xzb120bKG4loXLhj64We+REYVnINM/kellsmBIbexB a1hxDGqycXLAXSxgeCDigfmxNBMuAmIQLMSmGY6ekbHLfIrwthWYChbZHaFfgFU= =3MQv -----END PGP SIGNATURE-----
Current thread:
- CVE request for OpenStack Compute (nova) Garth Mollett (Mar 23)
- Re: CVE request for OpenStack Compute (nova) cve-assign (Mar 24)
- Re: CVE request for OpenStack Compute (nova) Garth Mollett (Mar 24)
- Re: Re: CVE request for OpenStack Compute (nova) Jeremy Stanley (Mar 24)
- Re: CVE request for OpenStack Compute (nova) cve-assign (Mar 25)
- Re: CVE request for OpenStack Compute (nova) Jeremy Stanley (Mar 25)
- Re: CVE request for OpenStack Compute (nova) cve-assign (Mar 24)