Date: Mon, 2 Dec 2013 18:35:24 -0500 (EST) From: cve-assign@...re.org To: Ian.Jackson@...citrix.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, xen-devel@...ts.xen.org, security@....org Subject: Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > This was sent by MITRE as part of the CVE assignment. It seems likely > to us (the Xen Project security team) that the CVE assignment was a > consequence of our embargoed predisclosure to xen-security-issues. MITRE typically does not know about multi-party embargo arrangements affecting Linux vendors and various other vendors, and did not know about any multi-party embargo arrangement in this case. If anyone who is regularly involved in vulnerability remediation affecting the open-source community asks MITRE to send an announcement of a CVE assignment to oss-security, we send that announcement without any investigation of disclosure restrictions. Although it is unfortunate if such an announcement had an adverse effect on a planned disclosure timeline, we feel that this is an isolated case and does not mean that we need to reevaluate our approach. Also, once an issue is mentioned on oss-security by anyone, we consider the issue fully public and we sometimes proceed to publish a CVE immediately. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJSnRcQAAoJEKllVAevmvmshl8H/0d/jkBYZP11YbWOzTXQrKGj exCXvUaC6BOukr1+u1eh7GR1W98NY5S7DT3oHDu0DzAfJ2iR4AAM0513V9mCUo/f LBBGsw+pyzPKeI5UQdXJ8GQ0Ut/WlbMB4qj0+ZuwKjCKFCdir2Xx7H0H3Ptb3qik 38JgvO+bpMxDWnrF+Nh6SkuocB9jXuDCbCGO5Q4jaj1CcExmaRV9H8A0O4VbvtTj VQa+eY48H7WpBqKUrKylo/zZT5pBs/3tH0FSymiGLP9aFCDAl5xazf9LWq3iow/D AND3rDNlEzmDJ8zSHzx0wrvHTW8xMpj3KAk3z4D8G8XTmw7reltAVo1eGPmL6S0= =ouMl -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.