oss-sec mailing list archives
Re: Strange CVE situation (at least one ID should come of this)
From: Josh Bressers <bressers () redhat com>
Date: Fri, 2 Nov 2012 07:55:44 -0400 (EDT)
That's not the same as a generic "don't use this." For this CVE-2012-2400, there is a specific advisory from a specific vendor telling customers to patch a vulnerability. It's "unspecified" all over the place due to lack of details, so risk analysis is problematic, but it's a statement of some kind of vulnerability in a specific version by an authoritative source. Oracle and HP publish advisories like this on a regular basis.
This isn't meant to be a troll, it's a legitimate question. So if someone publishes an advisory stating "I have found a number of security flaws in product X." Would that get the same sort of CVE ID? I of course don't approve of such advisories, my curiosity is academic. Thanks. -- JB
Current thread:
- Strange CVE situation (at least one ID should come of this) Josh Bressers (Oct 26)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Seth Arnold (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Henri Salo (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
- Re: [security] [oss-security] Strange CVE situation (at least one ID should come of this) Greg Knaddison (Oct 31)
- Re: Strange CVE situation (at least one ID should come of this) Seth Arnold (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 31)
- Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Nov 02)
- Re: Strange CVE situation (at least one ID should come of this) cve-assign (Nov 02)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)