Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE Requests
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 16 Mar 2012 13:38:46 -0600

On 03/16/2012 12:30 PM, Mark Stanislav wrote:

Is "VS@" supposed to be vendor-sec; the defunct list? Or is there
another list I am not aware of? If so, can you please give me the *full*
address? Thanks.

Sorry it is: http://oss-security.openwall.org/wiki/mailing-lists/distros

I'd say you may want to coordinate that documentation with Steve Christy
as the nine times he allocated CVEs for me directly, this sort of
conversation never came up. I can understand frustration on your part
that people may not be educated, but realize that if CNAs handle this
process differently, it may not be a matter of education on how 'the
system works' but rather consistency within the entire process, agnostic
of whom is allocating a CVE.

We're working on it.

I again, do appreciate your time but I suppose I'll just wait for Steve
or whomever is manning cve () mitre to contact me back.

I'm simply loathe to assign CVE's for which I get no details from a
third party especially when they have sent requests in to Mitre already.
How do I know if Mitre has or has not assigned a CVE yet? We basically
end up with a race condition (and duplicates).



Kurt Seifried Red Hat Security Response Team (SRT)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]