Date: Thu, 8 Aug 2013 20:40:22 -0400 (EDT) From: cve-assign@...re.org To: luigiwalser@...oo.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: tomcat CVE confusion -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >I can't find any info about CVE-2013-3544, but the mitre page says >it's reserved. Perhaps that CVE has already been allocated for some >other piece of software? In this specific situation, it happens to be possible for MITRE to arrange for the CVE web site's CVE-2013-3544 entry to refer to CVE-2012-3544 as the correct identifier. There's a standard wording that we use for this scenario, so the entry will end up looking very similar to this one: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5217 This should be completed on the CVE web site in the coming days. In general, the cve-assign@...re.org address can be used for any reports of a CVE typo in a disclosure. Depending on the exact state and usage of each of the CVEs, sometimes we need to do a multi-vendor typo coordination, and sometimes it's simpler than that. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iQEcBAEBAgAGBQJSBDh7AAoJEGvefgSNfHMd4PcH/0OfLRDeE0gm5eI7oD8MWY/i 2FfkgKcvHVUA1Jvdb/47+DzM0Ri3AhiCevaY6cQhk0MR86e8dQo7yJj2aktw5ESZ XaG4uMlNgOMbEveX2Qs7gW0IaCXhmD71KrqbliNlUZYdlyreV+p5hK/U+Iy/WYiR 2yKtI6S2OQmvPnq06hl23BO3PPPBAV6oFgNz7h5ONEA3RNk06K4Ahq/ibMf9rRX0 bf6aH7S73kTa7SL3TWw0c9YPQwKkgFYzL9CZI+z+riazkdAqZyF+ptOUIDhKRaiX ejTpGJqVajns6m5Bj7tCgK4TEciSSV5p/tlmhSEaYfFb4H+wsxzOoCPkKW6DSKA= =l15v -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.