Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 22 May 2017 15:13:42 -0600
From: Kurt Seifried <>
Subject: Re: How to request a CVE for open source projects

Well actually they can. Why do you think we (DWF) have an extensible Json format with the data hosted in git? Hint: so people can contribute.


> On May 22, 2017, at 13:45, Kurt H Maier <> wrote:
>> On Mon, May 22, 2017 at 08:57:21PM +0200, Marcus Meissner wrote:
>> Please everyone do the distributors a favour and link to GIT commits with fixes for
>> the requested CVE or at least explicit single reproducers, as we have increasing trouble
>> of associating CVEs with the correct place in code.
> This is only gonna get worse now that mitre cut the mailing list out of
> the process, and third-party participants can no longer add commentary
> and insight into the reported vulnerabilities.
> khm

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.