Date: Wed, 14 Dec 2016 16:27:57 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Hi Sam, On Mon, Dec 12, 2016 at 10:40:16AM -0600, Sam Whited wrote: > Oops, I got the autoreply about not using this list to request CVEs > after sending that message; now I'm a bit more confused about the > current procedure; please advise. Almost sure the autoreply came not from oss-security, but from the cve-assign@...re.org. But the autoreply should contain a note like: > [...] > In the special case of communications involving a publicly known > vulnerability on the oss-security mailing list, please do not use > the https://cveform.mitre.org web site at this time, and instead > send new or followup messages directly to that mailing list. (If > your message pertains to a topic on the oss-security mailing list, > and you are receiving an auto-response from the cve-assign@...re.org > address, then you can ignore that auto-response.) Was this the case? HTH, Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.