Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Mar 2015 03:13:40 -0400 (EDT)
From: cve-assign@...re.org
To: jeremy@...nstack.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for OpenStack Compute (nova)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At this point, it seems best to define the affected releases for
CVE-2015-2687 to include Icehouse and Juno, in addition to Havana.
There is at least one person (hfamily15) who believes it is a
vulnerability within all of these releases, and nobody has indicated
that it must not be considered a vulnerability within any of these
releases.

This means that the http://openwall.com/lists/oss-security/2015/03/24/10
text starting with "It is conceivable that" is no longer applicable.

The CVE project is not attempting to suggest that the existence of a
CVE ID associated with a supported release means that an OSSA is
required.

> Of the many reports we initially receive as potential vulnerabilities,
> only a fraction actually end in an advisory

Similarly, there's obviously no obligation to send a notification to
oss-security whenever a potential vulnerability has been evaluated.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVEl+mAAoJEKllVAevmvmseZEH/2lDzJcTCXE0jPoT3mL+ytLE
7idFQK32HepABqgS/y2GfdI+xlOUHylfAWYgk8AslSbv1OvhGgwwyz64JKiRu7ZW
MKFALlVqLVeWaQNepn2JS0mS+g2OaWUDI2zQB62FzB6MobC2Z9R3lyCdtwQUaNUt
ywbRyCSR4rY2e1pu+WmACQbGevwNC4OQh5oQTaLB0rvivYrK8j4fb+s7uMxLsxKM
fLkkIIIu7DGmgj+Zupzay/xzb120bKG4loXLhj64We+REYVnINM/kellsmBIbexB
a1hxDGqycXLAXSxgeCDigfmxNBMuAmIQLMSmGY6ekbHLfIrwthWYChbZHaFfgFU=
=3MQv
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ