oss-sec mailing list archives

Re: Strange CVE situation (at least one ID should come of this)


From: Josh Bressers <bressers () redhat com>
Date: Fri, 2 Nov 2012 07:55:44 -0400 (EDT)


That's not the same as a generic "don't use this."  For this
CVE-2012-2400, there is a specific advisory from a specific vendor
telling customers to patch a vulnerability.  It's "unspecified" all over
the place due to lack of details, so risk analysis is problematic, but
it's a statement of some kind of vulnerability in a specific version by an
authoritative source.

Oracle and HP publish advisories like this on a regular basis.


This isn't meant to be a troll; it's a legitimate question.

So if someone publishes an advisory stating "I have found a number of
security flaws in product X," would that get the same sort of CVE ID?

I of course don't approve of such advisories; my curiosity is academic.

Thanks.

-- 
    JB

