Date: Fri, 9 Jun 2017 15:50:07 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com
Subject: Re: Security bug report read-protected

Hello


On 06/09/2017 01:49 AM, Qhdwns123 wrote:
> If you are reporting bugs to the bugzilla site,
> When an anonymous user accesses the page, the following message is displayed and access is blocked.
> "You are not authorized to access bug #632521. To see this bug, you must first log in to an account with the appropriate permissions"
> As far as I know, when you request a CVE, you need to create an accessible reference address for anonymous users.

I do not think this is correct. The CVE request needs to only contain
the minimum information required to identify the issue and assign a CVE.
A bug tracker reference needs to be unique and a permanent identifier,
not necessarily publicly readable at the time of the report.

Andreas

-- 

Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
