Re: CVE request: notmuch

[Florian Weimer <fw () deneb enyo de>]

* Kurt Seifried:

> Potentially stupid Q, why no CVE request from Debian? I'm happy to
> assign them, especially for stuff that qualifies for a DSA, it will
> almost certainly qualify for a CVE.

Based on our current agreement with MITRE, we can only assign names to
issues which are not yet public.  The fix for this notmuch issue was
already released (and labeled as a potential security issue) when we
were contacted.