oss-sec mailing list archives
Re: CVE's for SSLv2 support
From: cve-assign () mitre org
Date: Tue, 1 Mar 2016 13:43:39 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
much like we would for products supporting DES or other known insecure cryptographic algorithms, hashes, digests and protocols?
It's unclear what the word "we" means here. If Red Hat at some point wrote code that ships in a Red Hat product and, upon internal review, Red Hat discovers that it supports (for example) DES, then Red Hat can choose to assign a CVE ID if Red Hat is announcing a required security update to remove DES for reasons of Red Hat policy or perceived expectations of Red Hat customers. MITRE does not assign CVE IDs to track whether the universe of products has similar or dissimilar time scales in adapting to technology changes. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJW1eJFAAoJEL54rhJi8gl5XpEP/2WyAGm+dz+xLncacnp1fnOr iBa0db4eAkxG52l4kUO0Z01/xJD95LvdGiBTOBlfFJ9BUubVIoNvKRq3FrDzB2+s VxuJSEpgD++Y5SW9TmpUs/BinM/SgUZdj03z2d74V15IB60s+p4WdszG+zrKt0Pq YmPIouVAq3Fzb+ovCvGs0kjNuLmMWI3OntH6xWM+OHdNLbwzhSihbIP4BzolBnm5 dLnLmQdrElD8nXrVWqfHIPOBvaiz297jYBEFT6dztbfdTR5GreS/GqgAS4qiBwl+ ZTnqVdVBNx7pbEzkMJcFZznm7HKS7lTegiRq32BC5sLXbppDEUy0eNZIArkpeVCr Pb2QNGrt6xF0ueRmyO/FyestW1dV3a77ry8xjY9trozB6yvOf+WR7t40x/Ovt13U oEARKy7m3P/f2nV6gnfvtBhrEq8fm0VCVQiEZaXk6fs5NUHCC72ex0ewq3qBAc4o lvP4O1fqLQYf4gtSZz46raR0Tear6m3kn3rJEEznNwP562v4cL1vrxnX2bn5z9Ad t81pUaILikYB7Ft5+/+pdE/kcVR7m4B6NPq6JojXU7ECZjydgpZcGk16ILVlNTar UNY1Okh+QOg5Y5weCeMzpTQD4CsXUyLJuDu2tmaLvPKBu8x+dnsBoVt9Lbstefbr qRfdvYK+lXat94W+DxPh =QGDB -----END PGP SIGNATURE-----
Current thread:
- CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: CVE's for SSLv2 support Loganaden Velvindron (Mar 01)
- Re: CVE's for SSLv2 support Grant Ridder (Mar 01)
- Re: CVE's for SSLv2 support Stuart Henderson (Mar 01)
- Re: CVE's for SSLv2 support gremlin (Mar 01)
- Re: CVE's for SSLv2 support cve-assign (Mar 01)
- Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: CVE's for SSLv2 support cve-assign (Mar 01)
- Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: CVE's for SSLv2 support cve-assign (Mar 01)
- Re: Re: CVE's for SSLv2 support Tim (Mar 01)
- Re: Re: CVE's for SSLv2 support Bob Beck (Mar 01)
- Re: Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: Re: CVE's for SSLv2 support Bob Beck (Mar 01)
- Re: Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: Re: CVE's for SSLv2 support Steve Grubb (Mar 02)
- Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: CVE's for SSLv2 support Loganaden Velvindron (Mar 01)