Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 28 Jul 2021 15:08:01 +0200
From: Jonas Schäfer <jonas@...licki.name>
To: oss-security@...ts.openwall.com
Cc: developers@...sody.im
Subject: Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request)

On Mittwoch, 28. Juli 2021 08:28:53 CEST Salvatore Bonaccorso wrote:
> Hi Jonas,
> 
> On Thu, Jul 22, 2021 at 05:03:36PM +0200, Jonas Schäfer wrote:
> > (NB: [1] suggested that posting to this list is still an acceptable way to
> > request a CVE, especially if disclosure should happen immediately. Please
> > let me know if that's not going to work, then I'll fill out the form.)
> Can you request a CVE directly through https://cveform.mitre.org/ ?

Will do, thanks.

Where to go to get a CVE for a "random" open source project is always a bit 
opaque for me. I noticed that I managed to omit the link in my original email, 
this is the guide I was referring to:

(sorry for the broken link)

https://github.com/CVEProject/cveproject.github.io/blob/gh-pages/requester/
reservation-guidelines.md#4-requests-to-third-party-coordinator-cnas-or-email-
lists

kind regards,
Jonas
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.