oss-sec mailing list archives

Re: MITRE is adding data intake to its CVE ID process

From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Sat, 11 Feb 2017 09:20:55 -0600 (CST)

On Sat, 11 Feb 2017, Moritz Muehlenhoff wrote:


Having CVEs assigned is of lesser importance, this was never primarily
why we posted security vulnerabilities here. Obtaining CVE IDs caused
little overhead on our side, but if that changes (and the announced
changes sound like that), then there will simply be less CVE coverage
I'm afraid.

In my perhaps limited experience, Debian package maintainers do nottake action to correct a security issue in stable distributions unlessa CVE is assigned. They do not usually act merely based on theupstream package developer/maintainer reporting that they discoveredand fixed a security issue. If it is more challenging to get a CVEassigned, then many more security issues in stable distributions willremain unfixed.


Bob
--
Bob Friesenhahn
bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Current thread:

Re: MITRE is adding data intake to its CVE ID process, (continued)
- - Re: MITRE is adding data intake to its CVE ID process Jeremy Stanley (Feb 09)
    - Re: MITRE is adding data intake to its CVE ID process Peter Bex (Feb 09)
    - Re: MITRE is adding data intake to its CVE ID process Steven R. Loomis (Feb 09)
    - Re: MITRE is adding data intake to its CVE ID process Amos Jeffries (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Priedhorsky, Reid (Feb 10)
  - Re: MITRE is adding data intake to its CVE ID process John Haxby (Feb 10)
    - Re: MITRE is adding data intake to its CVE ID process Stiepan (Feb 10)
    - Re: MITRE is adding data intake to its CVE ID process Simon McVittie (Feb 10)
    - Re: MITRE is adding data intake to its CVE ID process Pierre Schweitzer (Feb 10)
    - Re: MITRE is adding data intake to its CVE ID process Moritz Muehlenhoff (Feb 11)
    - Re: MITRE is adding data intake to its CVE ID process Bob Friesenhahn (Feb 11)
  - RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H (Feb 10)
    - RE: MITRE is adding data intake to its CVE ID process Ben Tasker (Feb 10)
    - Re: MITRE is adding data intake to its CVE ID process Mike Gerwitz (Feb 10)
  - Re: MITRE is adding data intake to its CVE ID process Seth Arnold (Feb 10)
    - RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H (Feb 10)
    - Re: MITRE is adding data intake to its CVE ID process Tim (Feb 10)
    - Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Feb 10)
    - RE: MITRE is adding data intake to its CVE ID process Williams, Ken (Feb 10)
    - Re: MITRE is adding data intake to its CVE ID process Mats Wichmann (Feb 10)
    - Re: MITRE is adding data intake to its CVE ID process Tim (Feb 10)

(Thread continues...)