Date: Wed, 14 Dec 2016 16:27:57 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Hi Sam, On Mon, Dec 12, 2016 at 10:40:16AM -0600, Sam Whited wrote: > Oops, I got the autoreply about not using this list to request CVEs > after sending that message; now I'm a bit more confused about the > current procedure; please advise. Almost sure the autoreply came not from oss-security, but from the cve-assign@...re.org. But the autoreply should contain a note like: > [...] > In the special case of communications involving a publicly known > vulnerability on the oss-security mailing list, please do not use > the https://cveform.mitre.org web site at this time, and instead > send new or followup messages directly to that mailing list. (If > your message pertains to a topic on the oss-security mailing list, > and you are receiving an auto-response from the cve-assign@...re.org > address, then you can ignore that auto-response.) Was this the case? HTH, Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ