mailing list archives
Re: CVE Requests
From: "Adam D. Barratt" <adam () adam-barratt org uk>
Date: Fri, 16 Mar 2012 15:54:22 +0000
On 16.03.2012 10:26, Andreas Ericsson wrote:
Those mails are all exemplary requests for CVE id's, ofcourse, but
fact that they are all already fixed and released means that 100% of
the work is already done. At that point, assigning a CVE id is mostly
useless and is done as a "just for the record" thing.
Whether you consider it useless or not, those are the CVE assignments
that will happen on the list, aiui.
specifically says: "Public security issues only please. What you say
here is public for the world to see - keep that in mind. Embargoed
information is best disclosed to vendor-sec" (which should be updated to
point at somewhere that actually exists).