Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 4 Jan 2015 18:04:19 -0500 (EST)
From: "Steven M. Christey" <>
Subject: Assignment of CVE IDs with 5 or more digits by January 13, 2015

Based on recent discussion on oss-security and general interest, I thought 
it was important to clarify what is currently planned for issuing 5-digit 
CVE IDs by the dealine of January 13, 2015.

Currently, CVE-2014-9509 is our last allocated ID from 2014.  During 2015, 
we will continue to issue CVE-2014-xxxx IDs for other issues that were 
disclosed in 2014, but it is highly unlikely that we will cross the 
5-digit threshold by January 13.

We will still issue at least one valid 5-digit CVE-2014-xxxxx ID, and 
probably more, on January 13.  This is a one-time exception to our usual 
sequential allocation process.  We are doing this as a final "test" to 
ensure that CVE-using implementations can handle the syntax change.

We might also issue CVE IDs with more than 5 digits, since it is highly 
likely that some implementations will make a 5-digit assumption, even 
though an arbitrary number of digits is allowed by the syntax change, 
which went into effect more than a year ago.

Steve Christey Coley
CVE Editor

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.