Date: Wed, 18 Nov 2015 16:03:47 -0800 From: "Zach W." <kestrel@...linux.us> To: oss-security@...ts.openwall.com Subject: Re: CVE-2015-7266 Hey Kurt, I figured as much but since the vuln has been made public what happens now? Zach W. On 11/18/2015 4:01 PM, Kurt Seifried wrote: > On Wed, Nov 18, 2015 at 4:58 PM, Zach W. <kestrel@...linux.us> wrote: > >> Hey all, >> >> Anybody have any idea what the deal is with this CVE, since it's >> referenced in http://media.pixalate.com/white-papers/xindi.pdf? It's >> being splattered all over the news, but the CVE is still in "reservered" >> >> Zach W. >> > As per the Wikipedia entry: > > https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures#Description > > This is a standardized text description of the issue(s). One common entry > is: > > ** RESERVED ** This candidate has been reserved by an organization > or individual that will use it when announcing a new security problem. > When the candidate has been publicized, the details for this > candidate will be provided. > > This means that the entry number has been reserved by Mitre for an issue or > a CNA has reserved the number. So in the case where a CNA requests a block > of CVE numbers in advance (e.g. Red Hat currently requests CVEs in blocks > of 500), the CVE number will be marked as reserved even though the CVE > itself may not be assigned by the CNA for some time. Until the CVE is > assigned AND Mitre is made aware of it (e.g. the embargo passes and the > issue is made public), AND Mitre has researched the issue and written a > description of it, entries will show up as "** RESERVED **". >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ