Home page logo

basics logo Security Basics mailing list archives

Re: What does it mean for a vulnerability to be retired?
From: "George A. Theall" <theall () tifaware com>
Date: Fri, 21 Dec 2007 13:28:42 -0500

On Dec 21, 2007, at 1:11 PM, Terra Frost wrote:

<http://www.securityfocus.com/bid/26885> is an example of a
vulnerability whose status has been changed to RETIRED.  My question
is..  what, exactly, does that mean?

The meaning varies. In this case, it means that SecurityFocus believes the issue was bogus, which is what they say under the Discussion section:


[As an aside, retiring this was probably a mistake -- there is definitely an issue with WordPress as subsequent discussions on the Bugtraq mailing list have shown.]

In other cases, SecurityFocus might mark an BID as retired because they have split out the issues into separate BIDs, as they did recently with BID 26929, for various issues in Adobe's Flash Player plugin.

theall () tifaware com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]