Date: Sun, 15 Jun 2014 20:29:21 +0200 From: Yves-Alexis Perez <corsac@...ian.org> To: rich@....org Cc: cve-assign@...re.org, henri@...v.fi, oss-security@...ts.openwall.com Subject: Re: Re: CVE Request for KIO/kmail On dim., 2014-06-15 at 16:55 +0100, Richard Moore wrote: > In the past when I've tried to use the cve-assign address it has basically > been a black hole. Since then I've either asked redhat or one of the other > OSS vendors for a CVE. I've used the distros@...openwall.org now as a > fallback. > > I'd also note as part of the meta discussion that I'm not going to release > details of vulnerabilities to a public list before the fix, and just > because someone asks for more details doesn't mean I will provide them. May I ask why you're writing to the public oss-sec list instead of the private distros one, then? -- Yves-Alexis [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ