Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 14 Dec 2016 16:27:57 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: Re: CVE Request: MCabber: remote attackers can
 modify the roster and intercept messages via a crafted roster-push IQ stanza

Hi Sam,

On Mon, Dec 12, 2016 at 10:40:16AM -0600, Sam Whited wrote:
> Oops, I got the autoreply about not using this list to request CVEs
> after sending that message; now I'm a bit more confused about the
> current procedure; please advise.

Almost sure the autoreply came not from oss-security, but from the
cve-assign@...re.org. But the autoreply should contain a note like:

> [...]
> In the special case of communications involving a publicly known
> vulnerability on the oss-security mailing list, please do not use
> the https://cveform.mitre.org web site at this time, and instead
> send new or followup messages directly to that mailing list. (If
> your message pertains to a topic on the oss-security mailing list,
> and you are receiving an auto-response from the cve-assign@...re.org
> address, then you can ignore that auto-response.)

Was this the case?

HTH,

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ