Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Nov 2015 16:03:47 -0800
From: "Zach W." <kestrel@...linux.us>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2015-7266

Hey Kurt,

I figured as much but since the vuln has been made public what happens now?

Zach W.

On 11/18/2015 4:01 PM, Kurt Seifried wrote:
> On Wed, Nov 18, 2015 at 4:58 PM, Zach W. <kestrel@...linux.us> wrote:
>
>> Hey all,
>>
>> Anybody have any idea what the deal is with this CVE, since it's
>> referenced in http://media.pixalate.com/white-papers/xindi.pdf? It's
>> being splattered all over the news, but the CVE is still in "reservered"
>>
>> Zach W.
>>
> As per the Wikipedia entry:
>
> https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures#Description
>
> This is a standardized text description of the issue(s). One common entry
> is:
>
> ** RESERVED ** This candidate has been reserved by an organization
> or individual that will use it when announcing a new security problem.
> When the candidate has been publicized, the details for this
> candidate will be provided.
>
> This means that the entry number has been reserved by Mitre for an issue or
> a CNA has reserved the number. So in the case where a CNA requests a block
> of CVE numbers in advance (e.g. Red Hat currently requests CVEs in blocks
> of 500), the CVE number will be marked as reserved even though the CVE
> itself may not be assigned by the CNA for some time. Until the CVE is
> assigned AND Mitre is made aware of it (e.g. the embargo passes and the
> issue is made public), AND Mitre has researched the issue and written a
> description of it, entries will show up as "** RESERVED **".
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ