oss-sec mailing list archives
Re: CVE assignment from previous years
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 19 Dec 2011 21:17:40 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/19/2011 07:52 PM, Tim Sammut wrote:
Hi, Is there a general guideline that is commonly used when deciding to issue a CVE name from the pool of a previous year versus the current year's pool? thanks and hope all is well tim
Generally speaking the year the vuln was found or reported is the year that gets used for the CVE. Example: I just assigned a CVE-2005. - -- - -Kurt Seifried / Red Hat Security Response Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iQIcBAEBAgAGBQJO8AxkAAoJEBYNRVNeJnmTxqsP/R5Zo+nEt1ks1qlVe2zT1b/v 3OBhXhwGlzFvEHjiWb3+4PPvTc3qQBrnt+CySl5ZsIePJ4XObtwSDY6QKoP41Uvx CvatEQsAtAX/RN04t3B8RlB3Q4SJviin9MdaaTs7pKimNrR9ZrwiBYW0Nf/7RFG0 r0BYhHlEr7oxTSW7ni1O80s9UFqxJvJwe36NyJPIPXEYsgZYhsYdI+8zMnxNufGP NKg3ZGH7CJ7vcVNbqx+EjKn2Qoi/g3VE1zCPjFdL3kX/lAD5GuN/CRAn/TlLRchZ R3Y2YaserNMRku/GjvBi6Fj+t1neqOrXdmH6OoUKNimMdtt7oqGZe9pe9gcr4S/K NHqR18t5LDJfwUphGwa62+s78CH5x2UP78hrxOf2JtI2SJkXj3t9/mg5b1RGXmae zge9gnO9zBE1BonR0j+llIPtG7zd0GEASq97TnGalsipsQkuNx1Yf8pTZI46Jea9 CQyP4X+aF1+ZNNzzEiRPyQyzXMh93xLHlNOrPX7Oj9pF6sI1qpoJYgGr5TZYy4FK 0n7Z4WSuKwUlVNMd/koW6wGIoEvAi1F6hvjBpZTUIB+iUXTBQF526Y2ikIgJZw0L h7J9VI//0oLZ/76yEDk0zeV1IZyh08SwlttCQJtt/f4T7r5IzAFjH7eZ0J0zupsX syNxyLPeENLlA83aB+Pm =Srqi -----END PGP SIGNATURE-----
Current thread:
- CVE assignment from previous years Tim Sammut (Dec 19)
- Re: CVE assignment from previous years Kurt Seifried (Dec 19)
- Re: CVE assignment from previous years Steven M. Christey (Dec 20)
- Re: CVE assignment from previous years Kurt Seifried (Dec 20)
- Re: CVE assignment from previous years Steven M. Christey (Dec 20)
- Re: CVE assignment from previous years Kurt Seifried (Dec 19)