Date: Mon, 19 Mar 2012 09:44:37 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: Mark Stanislav <mark.stanislav@...il.com>, "Adam D. Barratt" <adam@...m-barratt.org.uk>, Kurt Seifried <kseifried@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE Requests On 03/17/2012 12:11 AM, Mark Stanislav wrote: > All points being made are very much valid and I certainly understand how > contextually oss-sec may be used to allocation requests under different > circumstances. > > So here's my situation, I'm up for suggestions (of which, "wait longer", is > perfectly viable!)... > > 1) March 1st, I sent 2 of these CVEs over to Steve Christy at MITRE who had > previously allocated 9 prior CVEs in a day or two generally [...] I think the problem is simple. Mark, if the patch is released, that means it's public even if the details are not publicly discussed. Provide the patch information (hash, link to the patch, etc), and we will assign CVE names. No one will be confused if there are duplicate names assigned to them. If you are not comfortable talking about these issues in public, sure, use http://oss-security.openwall.org/wiki/mailing-lists/distros. And we will follow-up from there. Keep Steve and/or MITRE cc'ed. No one wants to make things difficult for you. If everyone does their part, names will be allocated very quickly. Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.