Date: Fri, 9 Jun 2017 15:50:07 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com
Subject: Re: Security bug report read-protected

Hello

On 06/09/2017 01:49 AM, Qhdwns123 wrote:
> If you are reporting bugs to the bugzilla site,
> When an anonymous user accesses the page, the following message is displayed and access is blocked.
> "You are not authorized to access bug #632521. To see this bug, you must first log in to an account with the appropriate permissions"
> As far as I know, when you request a CVE, you need to create an accessible reference address for anonymous users.

I do not think this is correct. The CVE request needs to only contain the minimum information required to identify the issue and assign a CVE. A bug tracker reference needs to be unique and a permanent identifier, not necessarily publicly readable at the time of the report.

Andreas

--
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)