Re: CVE-2015-7266

["Zach W." <kestrel () trylinux us>]

Hey Kurt,

I figured as much but since the vuln has been made public what happens now?

Zach W.

On 11/18/2015 4:01 PM, Kurt Seifried wrote:
> On Wed, Nov 18, 2015 at 4:58 PM, Zach W. <kestrel () trylinux us> wrote:
>
> > Hey all,
> >
> > Anybody have any idea what the deal is with this CVE, since it's
> > referenced in http://media.pixalate.com/white-papers/xindi.pdf? It's
> > being splattered all over the news, but the CVE is still in "reservered"
> >
> > Zach W.
> As per the Wikipedia entry:
>
> https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures#Description
>
> This is a standardized text description of the issue(s). One common entry
> is:
>
> ** RESERVED ** This candidate has been reserved by an organization
> or individual that will use it when announcing a new security problem.
> When the candidate has been publicized, the details for this
> candidate will be provided.
>
> This means that the entry number has been reserved by Mitre for an issue or
> a CNA has reserved the number. So in the case where a CNA requests a block
> of CVE numbers in advance (e.g. Red Hat currently requests CVEs in blocks
> of 500), the CVE number will be marked as reserved even though the CVE
> itself may not be assigned by the CNA for some time. Until the CVE is
> assigned AND Mitre is made aware of it (e.g. the embargo passes and the
> issue is made public), AND Mitre has researched the issue and written a
> description of it, entries will show up as "** RESERVED **".