oss-sec mailing list archives
Re: Reserved CVE for pip
From: Donald Stufft <donald () stufft io>
Date: Wed, 7 Aug 2013 22:22:24 -0400
On Aug 7, 2013, at 10:21 PM, Kurt Seifried <kseifried () redhat com> wrote:
Signed PGP part On 08/07/2013 11:20 AM, Donald Stufft wrote:So I was researching pip's CVE's some more and I came across CVE-2013-1888 which Kurt assigned http://www.openwall.com/lists/oss-security/2013/03/22/10 but which shows up as RESERVED https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1888. Can you fix this so it's not RESERVED Kurt? ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFANope. http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures#Description Description This is a standardized text description of the issue(s). One common entry is: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. This means that the entry number has been reserved by Mitre for an issue or a CNA has reserved the number. So in the case where a CNA requests a block of CVE numbers in advance (e.g. Red Hat currently requests CVEs in blocks of 500) the CVE number will be marked as reserved even though the CVE itself may not be assigned by the CNA for some time. Until The CVE is assigned AND Mitre is made aware of it (e.g. the embargo passes and the issue is made public) AND Mitre has researched the issue and written a description of it entries will show up as "** RESERVED **". Mitre: can we consider changing the text to be more explanatory, I get requests for this constantly (people seem t think I run the database or something ;). - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
I was asking you because you assigned the CVE in question ;) ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Reserved CVE for pip Donald Stufft (Aug 07)
- Re: Reserved CVE for pip Kurt Seifried (Aug 07)
- Re: Reserved CVE for pip Donald Stufft (Aug 07)
- Re: Reserved CVE for pip Kurt Seifried (Aug 07)