mailing list archives
Re: CVE Requests
From: Eugene Teo <eugene () redhat com>
Date: Mon, 19 Mar 2012 09:44:37 +0800
On 03/17/2012 12:11 AM, Mark Stanislav wrote:
All points being made are very much valid and I certainly understand how
contextually oss-sec may be used to allocation requests under different
So here's my situation, I'm up for suggestions (of which, "wait longer", is
1) March 1st, I sent 2 of these CVEs over to Steve Christy at MITRE who had
previously allocated 9 prior CVEs in a day or two generally
I think the problem is simple.
Mark, if the patch is released, that means it's public even if the
details are not publicly discussed. Provide the patch information (hash,
link to the patch, etc), and we will assign CVE names. No one will be
confused if there are duplicate names assigned to them.
If you are not comfortable talking about these issues in public, sure,
use http://oss-security.openwall.org/wiki/mailing-lists/distros. And we
will follow-up from there.
Keep Steve and/or MITRE cc'ed.
No one wants to make things difficult for you. If everyone does their
part, names will be allocated very quickly.
Eugene Teo / Red Hat Security Response Team