Re: Contributing Back

[Zhang Xiao <xiao.zhang () windriver com>]

I haven't remind MITRE before. While they have an interface to make it:

https://cve.mitre.org/about/contactus.html

See the forth topic called "*To notify us about a vulnerability
publication*". I just remind them about CVE-2020-8169 and  CVE-2020-8177
with it. Hope it works. :-)


I will check the status of them on CVE/NVD website these days.


Thanks

Xiao


在 2020/7/2 下午7:34, Daniel Stenberg 写道:
> On Thu, 2 Jul 2020, Francis Perron wrote:
>
> >  this delay may be possible due to many things, but the simplest
> > possibility that comes to mind is that Daniel (here cc'd) from H1 has
> > only gotten a reservation of CVE number, and he and MITRE have not
> > triggered the submission yet.
>
> In the curl project we (nowadays) request and get CVE IDs from
> Hackerone, and we've subsequently told them to publish these two
> recent curl related CVE IDs when we made them public to the world - I
> suspect this is just them being a little slow. We don't have any
> direct contact with MITRE.
>
> All details regarding the two recent curl flaws are here:
>
>  https://curl.haxx.se/docs/CVE-2020-8169.html
>  https://curl.haxx.se/docs/CVE-2020-8177.html

Attachment: pEpkey.asc
Description: