Date: Sun, 4 Jan 2015 18:04:19 -0500 (EST)
From: "Steven M. Christey" <>
Subject: Assignment of CVE IDs with 5 or more digits by January 13, 2015

Based on recent discussion on oss-security and general interest, I thought 
it was important to clarify what is currently planned for issuing 5-digit 
CVE IDs by the deadline of January 13, 2015.

Currently, CVE-2014-9509 is our last allocated ID from 2014.  During 2015, 
we will continue to issue CVE-2014-xxxx IDs for other issues that were 
disclosed in 2014, but it is highly unlikely that we will cross the 
5-digit threshold by January 13.

We will still issue at least one valid 5-digit CVE-2014-xxxxx ID, and 
probably more, on January 13.  This is a one-time exception to our usual 
sequential allocation process.  We are doing this as a final "test" to 
ensure that CVE-using implementations can handle the syntax change.

We might also issue CVE IDs with more than 5 digits, since it is highly 
likely that some implementations will make a 5-digit assumption, even 
though an arbitrary number of digits is allowed by the syntax change, 
which went into effect more than a year ago.

Steve Christey Coley
CVE Editor
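
The parsing problem the message describes, shown as an added example that is not part of the original post: a validator written for four-digit IDs next to one that accepts any longer sequence number. Assumptions: the sequence part has at least four digits, the 13-character fixed-width field is hypothetical, and the 5- and 7-digit IDs are constructed test strings (only CVE-2014-9509 comes from the message).

```python
import re

# Pre-change assumption: the sequence part is exactly four digits.
LEGACY_RE = re.compile(r"CVE-([0-9]{4})-([0-9]{4})")
# Post-change syntax: four or more digits, with no upper bound.
CURRENT_RE = re.compile(r"CVE-([0-9]{4})-([0-9]{4,})")

# Hypothetical fixed-width column sized for the old format (13 characters).
LEGACY_WIDTH = len("CVE-2014-9509")

# Constructed test strings, except CVE-2014-9509 which is named in the message.
SAMPLES = ["CVE-2014-9509", "CVE-2014-99999", "CVE-2014-1234567"]


def parse_cve(cve_id, pattern=CURRENT_RE):
    """Return (year, sequence) as ints, or None if the whole string does not match."""
    m = pattern.fullmatch(cve_id)
    return (int(m.group(1)), int(m.group(2))) if m else None


def rejected_by(pattern, ids):
    """IDs that a validator built on `pattern` would drop."""
    return [i for i in ids if parse_cve(i, pattern) is None]


def silent_truncations(ids, width=LEGACY_WIDTH):
    """IDs that a fixed-width field cuts down to a different, still well-formed ID."""
    out = {}
    for i in ids:
        cut = i[:width]
        if cut != i and parse_cve(cut) is not None:
            out[i] = cut
    return out


def sort_cves(ids):
    """Sort by numeric (year, sequence); plain string sorting misorders mixed lengths."""
    def key(i):
        parsed = parse_cve(i)
        if parsed is None:
            raise ValueError(f"not a CVE ID: {i!r}")
        return parsed
    return sorted(ids, key=key)


if __name__ == "__main__":
    print("legacy validator rejects:", rejected_by(LEGACY_RE, SAMPLES))
    print("truncated to another ID: ", silent_truncations(SAMPLES))
    print("string sort: ", sorted(SAMPLES))
    print("numeric sort:", sort_cves(SAMPLES))
```

The truncation case is the one to look for in stored data: the shortened value still passes validation, so a record silently points at a different CVE.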
