Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Apr 2015 06:24:27 +0300
From: Solar Designer <>
Subject: Re: CVE request

Sorry for bikeshedding, but:

On Sun, Apr 19, 2015 at 10:21:00PM -0400, Dan McDonald wrote:
> Illumos bug #5853 (, now fixed, can be exploited to escalate privilege.  It's not easy to do so, but it is enough to cause concern and ask for a CVE number.

"When applicable, the message Subject must include the name and
version(s) of affected software, and vulnerability type.  For example, a
Subject saying only "CVE request" or "CVE-2099-99999" is not appropriate,
whereas "CVE request - Acme Placeholder 1.0 buffer overflow" or
"CVE-2099-99999 - Acme Placeholder 1.0 buffer overflow" would be OK."

> At least two distros already have this fix in place.  I'd appreciate a CVE number (and if possible a way to request these on a non-public list... sorry if I missed the FAQ).

If you're OK with posting a CVE request in public, please do so - like
you did this time (just with a better Subject).  For other cases, see:

and the followups to that message (click "thread-next").


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ