Date: Thu, 18 Jun 2015 08:17:21 -0400 (EDT) From: cve-assign@...re.org To: thoger@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, kaplanlior@...il.com, security@....net Subject: Re: CVE Request: various issues in PHP -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > same reporter, same type, same affected (released) > versions, and the same PHP extension Vulnerabilities with different disclosure dates aren't merged. (This doesn't mean that we would want to have separate CVEs for a developer's efforts to completely fix one type of problem in a single piece of code, before any changes were in a release, even if the efforts took a while. However, even in the case of a single piece of code, multiple CVEs can occur if there is a CVE assignment at a time when development work seems finished, and then this work continues.) > issue affecting different module of the code base > is not a typical reason for split. "different module" would be relevant if it were known that the code in one module was originally introduced in one version, and this was not the same version as for the other code. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVgrW7AAoJEKllVAevmvmsUz4H/0sh6svZ2GQV4/docwDrfdZA JVV7P8NFja6XlKMQsGDvSrsollGjA2TZf7y7D56mXIjK6hv57tS5bzTcH2ofQSfY Au0IOyM+/MDu8pnt1pXAyBvYbwaMQOvZRFMA96imL46/KPwnKPUACrnXfu6BpXU4 u186I9Na+8RKc47yajjg3ddUjTl1aMGjXXbEXK1c9XtnKjU1zk7Gd0HCRqcMRW6b +4ojMyyPigXNbPXb1YtFUS3BZ25p7jLVzNHvaBeKEddJuHtyyq7lHZbAYDbi0Ykb K7h1uCtg9XpzkRvEQnJzBEFCsgEMQs9PURNhWd2S+wVSCzSL+AxgPm0a/hbpZ5o= =QwlQ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ