Date: Sun, 4 Jan 2015 18:04:19 -0500 (EST) From: "Steven M. Christey" <coley@...re.org> To: oss-security@...ts.openwall.com cc: alan.coopersmith@...cle.com, gremlin@...mlin.ru, cve@...re.org Subject: Assignment of CVE IDs with 5 or more digits by January 13, 2015 Based on recent discussion on oss-security and general interest, I thought it was important to clarify what is currently planned for issuing 5-digit CVE IDs by the dealine of January 13, 2015. Currently, CVE-2014-9509 is our last allocated ID from 2014. During 2015, we will continue to issue CVE-2014-xxxx IDs for other issues that were disclosed in 2014, but it is highly unlikely that we will cross the 5-digit threshold by January 13. We will still issue at least one valid 5-digit CVE-2014-xxxxx ID, and probably more, on January 13. This is a one-time exception to our usual sequential allocation process. We are doing this as a final "test" to ensure that CVE-using implementations can handle the syntax change. We might also issue CVE IDs with more than 5 digits, since it is highly likely that some implementations will make a 5-digit assumption, even though an arbitrary number of digits is allowed by the syntax change, which went into effect more than a year ago. Steve Christey Coley CVE Editor
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.