oss-sec mailing list archives
Re: CVE Help (CVE request for mysql bug #22413)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 25 Feb 2008 10:56:12 -0500 (EST)
FYI, I'm not on oss-security or vendor-sec. I don't necessarily see a need to be subscribed to them either, although it would be convenient. On Thu, 21 Feb 2008, Josh Bressers wrote:
I think this is a good opportunity to ask you how we can use this list to make your life easier. Perhaps it's worth thinking about ways some of the subscribed CNAs can dish out CVE ids to reduce your load a little bit for these public issues that obviously lack a proper id.
I'd think that if it's a technically-public issue that probably hasn't made it into the "mainstream" yet, then some CNA who gets our "CVENEW" notifications could possibly assign ID's. I'm thinking things like updates to upstream packages that aren't in a lot of distros, or a bug ID that isn't marked clearly as having security implications. However, we would also need to be notified if a CVE was assigned, to further reduce the risk of duplication. - Steve
Current thread:
- CVE request for mysql bug #22413 Jamie Strandboge (Feb 21)
- Re: CVE request for mysql bug #22413 Jonathan Smith (Feb 21)
- Re: CVE Help (CVE request for mysql bug #22413) Josh Bressers (Feb 21)
- Re: CVE Help Solar Designer (Feb 22)
- Re: CVE Help (CVE request for mysql bug #22413) Steven M. Christey (Feb 25)
- Re: CVE request for mysql bug #22413 Steven M. Christey (Feb 26)
- Re: CVE Help (CVE request for mysql bug #22413) Josh Bressers (Feb 21)
- Re: CVE request for mysql bug #22413 Jonathan Smith (Feb 21)