oss-sec mailing list archives
Re: CVE Request for illumos distributions
From: Marcus Meissner <meissner () suse de>
Date: Sun, 4 Jan 2015 20:06:59 +0100
On Sun, Jan 04, 2015 at 09:53:26AM -0800, Alan Coopersmith wrote:
On 01/ 3/15 10:26 PM, gremlin () gremlin ru wrote:On 2015-01-04 15:06:51 +1100, Dave Horsfall wrote: >> | Use CVE-2014-9491. >> Shouldn't we be using CVE-2015-XXXX by now? > I'd rather see CVE-2015-XXXXX - look how close we came... > Is there a CVE for that? First CVE ID in 2015 is CVE-2015-0001; once we get to CVE-2015-9999, the next ID will be CVE-2015-10000.Except that https://cve.mitre.org/cve/identifiers/syntaxchange.html says they won't wait that long, and will issue a 5 digit CVE ID in the next couple of weeks. (Even without that, CVE ID's aren't strictly issued in order, as blocks of id's go out to each numbering authority for them to assign as needed.)
main part of this page: IMPORTANT: The variable length arbitrary digits will begin at four (4) fixed digits and expand with arbitrary digits only when needed in a calendar year, for example, CVE-YYYY-NNNN and if needed CVE-YYYY-NNNNN, CVE-YYYY-NNNNNNN, and so on. This also means there will be no changes needed to previously assigned CVE-IDs, which all include 4 digits. The rule is: - 4 digits until 9999 - 5 digits until 99999 - 6 digits until 999999 - 7 digits starting with 1000000 2014 CVEs can still get assigned by the rules, so they will slowly creep up a bit still. But in general new issues will now get 2015 CVEs. Ciao, Marcus
Current thread:
- Re: CVE Request for illumos distributions cve-assign (Jan 03)
- Re: CVE Request for illumos distributions Christos Zoulas (Jan 03)
- Re: CVE Request for illumos distributions Joshua Rogers (Jan 03)
- Re: CVE Request for illumos distributions Dave Horsfall (Jan 03)
- Re: CVE Request for illumos distributions gremlin (Jan 03)
- Re: CVE Request for illumos distributions Alan Coopersmith (Jan 04)
- Re: CVE Request for illumos distributions Marcus Meissner (Jan 04)
- Re: CVE Request for illumos distributions Steven M. Christey (Jan 04)
- Re: CVE Request for illumos distributions Christos Zoulas (Jan 03)
- Re: CVE Request for illumos distributions Steven M. Christey (Jan 04)