Re: CVE Requests

[Mark Stanislav <mark.stanislav () gmail com>]

None of the details of these issues have been publicly discussed or released as I am trying (without much success) to 
allocate a CVE prior to sending out a coordinated advisory including that identifier as I always have done and as the 
mitre site indicates to do.

There are no reference links to provide and I am not publicizing details on this list before the developer can be 
informed of the CVE.

I'm happy to take this off list as I am sure no one cares about any of this discussion but as I tried to do this 
privately initially before being told to email the list instead, I'm hesitant to bother.

Follow-up off list if you like, else I'll just skip this process and release advisories without them.

Thanks for your time,

-Mark

On Mar 15, 2012, at 11:41 PM, Kurt Seifried <kseifried () redhat com> wrote:

> On 03/15/2012 09:00 PM, Mark Stanislav wrote:
> > On Mar 15, 2012, at 10:47 PM, Kurt Seifried <kseifried () redhat com> wrote:
> >
> > > On 03/15/2012 07:30 PM, Mark Stanislav wrote:
> > > > #1,2,3 are all included
> > >
> > > ? Sorry but I have literally no idea what that means.
> >
> > You gave be a numbered list of requirements, I was confirming the existence of those first three for each 
> > vulnerability were found with my original email to the list.
>
> I need the actual info, please refer to:
>
> http://www.openwall.com/lists/oss-security/2012/03/16/2
> http://www.openwall.com/lists/oss-security/2012/03/15/9
> http://www.openwall.com/lists/oss-security/2012/03/14/6
> http://www.openwall.com/lists/oss-security/2012/03/12/7
>
> etc.
>
>
> -- 
> Kurt Seifried Red Hat Security Response Team (SRT)