oss-sec mailing list archives
Re: MITRE is adding data intake to its CVE ID process
From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Sat, 11 Feb 2017 09:20:55 -0600 (CST)
On Sat, 11 Feb 2017, Moritz Muehlenhoff wrote:
Having CVEs assigned is of lesser importance, this was never primarily why we posted security vulnerabilities here. Obtaining CVE IDs caused little overhead on our side, but if that changes (and the announced changes sound like that), then there will simply be less CVE coverage I'm afraid.
In my perhaps limited experience, Debian package maintainers do not take action to correct a security issue in stable distributions unless a CVE is assigned. They do not usually act merely based on the upstream package developer/maintainer reporting that they discovered and fixed a security issue. If it is more challenging to get a CVE assigned, then many more security issues in stable distributions will remain unfixed.
Bob -- Bob Friesenhahn bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Current thread:
- Re: MITRE is adding data intake to its CVE ID process, (continued)
- Re: MITRE is adding data intake to its CVE ID process Jeremy Stanley (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Peter Bex (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Steven R. Loomis (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Amos Jeffries (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Jeremy Stanley (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process John Haxby (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Stiepan (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Simon McVittie (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Pierre Schweitzer (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Moritz Muehlenhoff (Feb 11)
- Re: MITRE is adding data intake to its CVE ID process Bob Friesenhahn (Feb 11)
- RE: MITRE is adding data intake to its CVE ID process Ben Tasker (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Mike Gerwitz (Feb 10)
- RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Tim (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Feb 10)
- RE: MITRE is adding data intake to its CVE ID process Williams, Ken (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Mats Wichmann (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Tim (Feb 10)