Date: Wed, 25 Mar 2015 13:05:32 +0000 From: Jeremy Stanley <jeremy@...nstack.org> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: CVE request for OpenStack Compute (nova) On 2015-03-25 03:13:40 -0400 (-0400), cve-assign@...re.org wrote: [...] > Similarly, there's obviously no obligation to send a notification to > oss-security whenever a potential vulnerability has been evaluated. Correct, and we don't in those situations. In this case it was brought to the list by a representative of a Linux distribution affected by the bug in a release we no longer support upstream, since they need to implement a fix for it in their product. -- Jeremy Stanley Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.