Date: Sun, 4 Jan 2015 18:04:19 -0500 (EST) From: "Steven M. Christey" <coley@...re.org> To: oss-security@...ts.openwall.com cc: alan.coopersmith@...cle.com, gremlin@...mlin.ru, cve@...re.org Subject: Assignment of CVE IDs with 5 or more digits by January 13, 2015 Based on recent discussion on oss-security and general interest, I thought it was important to clarify what is currently planned for issuing 5-digit CVE IDs by the dealine of January 13, 2015. Currently, CVE-2014-9509 is our last allocated ID from 2014. During 2015, we will continue to issue CVE-2014-xxxx IDs for other issues that were disclosed in 2014, but it is highly unlikely that we will cross the 5-digit threshold by January 13. We will still issue at least one valid 5-digit CVE-2014-xxxxx ID, and probably more, on January 13. This is a one-time exception to our usual sequential allocation process. We are doing this as a final "test" to ensure that CVE-using implementations can handle the syntax change. We might also issue CVE IDs with more than 5 digits, since it is highly likely that some implementations will make a 5-digit assumption, even though an arbitrary number of digits is allowed by the syntax change, which went into effect more than a year ago. Steve Christey Coley CVE Editor
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ