Re: CVE Request

[David Cramer <david () getsentry com>]

Thanks Alexander 

I was curious about that.

It might be worthwhile to update this page (which is where I came from) with more details:

http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html 

On Monday, December 8, 2014 at 6:02 PM, Solar Designer wrote: 
> On Mon, Dec 08, 2014 at 03:28:12PM -0800, David Cramer wrote:
> > (Pardon my complete lack of any clue how this process works) 
> >
> > Now seems like a good time to formalize our internal policy of how we do security releases, and while we might have 
> > already butchered this one, it was suggested we attempt to get a CVE assigned.
> >
> > Software name and optionally vendor name
> > raven-ruby (part of Sentry)
> >
> > Type of vulnerability
> > DoS
>
>
> I expect someone else will get back to you regarding the CVE request,
> but I'd like to ask that we please always include the affected software
> name and usually also the vulnerability type in the Subject line of
> messages posted in here. Many of us don't care about CVEs much, but
> would like to notice information about vulnerabilities possibly relevant
> to us. Also, having two or more mere "CVE Request" threads on the list
> almost at once is confusing. A better Subject line would have been e.g.
> "CVE Request - raven-ruby (part of Sentry) DoS". Thanks!
>
> Alexander