Date: Sun, 15 Jun 2014 21:32:54 +0100 From: Richard Moore <rich@....org> To: Yves-Alexis Perez <corsac@...ian.org> Cc: cve-assign@...re.org, henri@...v.fi, oss-security@...ts.openwall.com Subject: Re: Re: CVE Request for KIO/kmail On 15 June 2014 19:29, Yves-Alexis Perez <corsac@...ian.org> wrote: > On dim., 2014-06-15 at 16:55 +0100, Richard Moore wrote: > > In the past when I've tried to use the cve-assign address it has > basically > > been a black hole. Since then I've either asked redhat or one of the > other > > OSS vendors for a CVE. I've used the distros@...openwall.org now as a > > fallback. > > > > I'd also note as part of the meta discussion that I'm not going to > release > > details of vulnerabilities to a public list before the fix, and just > > because someone asks for more details doesn't mean I will provide them. > > May I ask why you're writing to the public oss-sec list instead of the > private distros one, then? > Yep, that's obviously a mistake on my part. It's the address I had noted for CVE requests. Rich.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ