mailing list archives
Re: CVE Requests
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 16 Mar 2012 13:38:46 -0600
On 03/16/2012 12:30 PM, Mark Stanislav wrote:
Is "VS@" supposed to be vendor-sec; the defunct list? Or is there
another list I am not aware of? If so, can you please give me the *full*
Sorry it is: http://oss-security.openwall.org/wiki/mailing-lists/distros
I'd say you may want to coordinate that documentation with Steve Christy
as the nine times he allocated CVEs for me directly, this sort of
conversation never came up. I can understand frustration on your part
that people may not be educated, but realize that if CNAs handle this
process differently, it may not be a matter of education on how 'the
system works' but rather consistency within the entire process, agnostic
of whom is allocating a CVE.
We're working on it.
I again, do appreciate your time but I suppose I'll just wait for Steve
or whomever is manning cve () mitre to contact me back.
I'm simply loathe to assign CVE's for which I get no details from a
third party especially when they have sent requests in to Mitre already.
How do I know if Mitre has or has not assigned a CVE yet? We basically
end up with a race condition (and duplicates).
Kurt Seifried Red Hat Security Response Team (SRT)