Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> This was sent by MITRE as part of the CVE assignment. It seems likely
> to us (the Xen Project security team) that the CVE assignment was a
> consequence of our embargoed predisclosure to xen-security-issues.

MITRE typically does not know about multi-party embargo arrangements
affecting Linux vendors and various other vendors, and did not know
about any multi-party embargo arrangement in this case. If anyone who
is regularly involved in vulnerability remediation affecting the
open-source community asks MITRE to send an announcement of a CVE
assignment to oss-security, we send that announcement without any
investigation of disclosure restrictions. Although it is unfortunate
if such an announcement had an adverse effect on a planned disclosure
timeline, we feel that this is an isolated case and does not mean that
we need to reevaluate our approach. Also, once an issue is mentioned
on oss-security by anyone, we consider the issue fully public and we
sometimes proceed to publish a CVE immediately.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSnRcQAAoJEKllVAevmvmshl8H/0d/jkBYZP11YbWOzTXQrKGj
exCXvUaC6BOukr1+u1eh7GR1W98NY5S7DT3oHDu0DzAfJ2iR4AAM0513V9mCUo/f
LBBGsw+pyzPKeI5UQdXJ8GQ0Ut/WlbMB4qj0+ZuwKjCKFCdir2Xx7H0H3Ptb3qik
38JgvO+bpMxDWnrF+Nh6SkuocB9jXuDCbCGO5Q4jaj1CcExmaRV9H8A0O4VbvtTj
VQa+eY48H7WpBqKUrKylo/zZT5pBs/3tH0FSymiGLP9aFCDAl5xazf9LWq3iow/D
AND3rDNlEzmDJ8zSHzx0wrvHTW8xMpj3KAk3z4D8G8XTmw7reltAVo1eGPmL6S0=
=ouMl
-----END PGP SIGNATURE-----