oss-sec mailing list archives

Re: Re: CVE Request for KIO/kmail

From: Richard Moore <rich () kde org>
Date: Sun, 15 Jun 2014 21:32:54 +0100

On 15 June 2014 19:29, Yves-Alexis Perez <corsac () debian org> wrote:

On dim., 2014-06-15 at 16:55 +0100, Richard Moore wrote:

In the past when I've tried to use the cve-assign address it has

basically

been a black hole. Since then I've either asked redhat or one of the

other

OSS vendors for a CVE. I've used the distros () vs openwall org now as a
fallback.

I'd also note as part of the meta discussion that I'm not going to

release

details of vulnerabilities to a public list  before the fix, and just
because someone asks for more details doesn't mean I will provide them.


May I ask why you're writing to the public oss-sec list instead of the
private distros one, then?


Yep, that's obviously a mistake on my part. It's the address I had noted
for CVE requests.

Rich.

Current thread:

CVE Request for KIO/kmail Richard Moore (Jun 15)
- Re: CVE Request for KIO/kmail Henri Salo (Jun 15)
  - Re: CVE Request for KIO/kmail cve-assign (Jun 15)
    - Re: CVE Request for KIO/kmail Richard Moore (Jun 15)
    - Re: CVE Request for KIO/kmail cve-assign (Jun 15)
    - Re: Re: CVE Request for KIO/kmail Yves-Alexis Perez (Jun 15)
    - Re: Re: CVE Request for KIO/kmail Richard Moore (Jun 15)