oss-sec mailing list archives
Re: CVE id request: busybox
From: Raphael Geissert <geissert () debian org>
Date: Tue, 5 Mar 2013 14:30:39 +0100
Hi Kurt, On 4 March 2013 03:26, Kurt Seifried <kseifried () redhat com> wrote: [...]
I didn't say I;'m excluding them. I simply will require an original source, in this case the year is probably wrong.
Not bikeshedding here, but sometimes those bug reports *are* the original source. And with all due respect, it has happened before that you've asked for an "original source" (upstream commit or bug report) when there exists none. All it has lead is to the CVE request becoming stalled or even abandoned. What can we do about it? We already have a quite long list of issues without a CVE id and this is not good for anybody: https://security-tracker.debian.org/tracker/data/fake-names (nb. some of the issues in the list might already have an id but the temporary entry hasn't been removed or it was decided that no id should be assigned) Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- Re: CVE id request: busybox, (continued)
- Re: CVE id request: busybox Kurt Seifried (Mar 02)
- Re: CVE id request: busybox gremlin (Mar 03)
- Re: CVE id request: busybox Michael Tokarev (Mar 03)
- Re: CVE id request: busybox Piotr Karbowski (Mar 03)
- Re: CVE id request: busybox Michael Tokarev (Mar 03)
- Re: CVE id request: busybox Kurt Seifried (Mar 03)
- Re: CVE id request: busybox Michael Gilbert (Mar 03)
- Re: CVE id request: busybox Kurt Seifried (Mar 03)
- Re: CVE id request: busybox Thomas Biege (Mar 05)
- Re: CVE id request: busybox Thomas Biege (Mar 05)
- Re: CVE id request: busybox Raphael Geissert (Mar 05)
- Re: CVE id request: busybox Kurt Seifried (Mar 05)
- Re: CVE id request: busybox Raphael Geissert (Mar 06)
- Re: CVE id request: busybox gremlin (Mar 03)
- Re: CVE id request: busybox Kurt Seifried (Mar 02)