oss-sec mailing list archives

Re: How to request a CVE for open source projects

From: Kurt Seifried <kseifrie () redhat com>
Date: Mon, 22 May 2017 15:13:42 -0600

Well actually they can. Why do you think we (DWF) have an extensible Json format with the data hosted in git? Hint: so 
people can contribute.


-Kurt

On May 22, 2017, at 13:45, Kurt H Maier <khm () sciops net> wrote:

On Mon, May 22, 2017 at 08:57:21PM +0200, Marcus Meissner wrote:

Please everyone do the distributors a favour and link to GIT commits with fixes for
the requested CVE or at least explicit single reproducers, as we have increasing trouble
of associating CVEs with the correct place in code.


This is only gonna get worse now that mitre cut the mailing list out of
the process, and third-party participants can no longer add commentary
and insight into the reported vulnerabilities.

khm

Current thread:

How to request a CVE for open source projects Michael Catanzaro (May 22)
- Re: How to request a CVE for open source projects Marcus Meissner (May 22)
  - Re: How to request a CVE for open source projects Kurt H Maier (May 22)
    - Re: How to request a CVE for open source projects Kurt Seifried (May 22)
    - Re: How to request a CVE for open source projects Kurt H Maier (May 22)
    - Re: How to request a CVE for open source projects Kurt Seifried (May 22)
    - Re: How to request a CVE for open source projects Kurt H Maier (May 22)
    - Re: How to request a CVE for open source projects Kurt Seifried (May 22)
    - Re: How to request a CVE for open source projects Kurt H Maier (May 22)
    - Re: How to request a CVE for open source projects Perry E. Metzger (May 22)
    - Re: How to request a CVE for open source projects Kurt Seifried (May 23)
- Re: How to request a CVE for open source projects Jeremy Stanley (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
  - Re: How to request a CVE for open source projects Martin (May 22)

(Thread continues...)