Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE Requests
From: Eugene Teo <eugene () redhat com>
Date: Mon, 19 Mar 2012 09:44:37 +0800

On 03/17/2012 12:11 AM, Mark Stanislav wrote:
All points being made are very much valid and I certainly understand how
contextually oss-sec may be used to allocation requests under different

So here's my situation, I'm up for suggestions (of which, "wait longer", is
perfectly viable!)...

1) March 1st, I sent 2 of these CVEs over to Steve Christy at MITRE who had
previously allocated 9 prior CVEs in a day or two generally

I think the problem is simple.

Mark, if the patch is released, that means it's public even if the
details are not publicly discussed. Provide the patch information (hash,
link to the patch, etc), and we will assign CVE names. No one will be
confused if there are duplicate names assigned to them.

If you are not comfortable talking about these issues in public, sure,
use http://oss-security.openwall.org/wiki/mailing-lists/distros. And we
will follow-up from there.

Keep Steve and/or MITRE cc'ed.

No one wants to make things difficult for you. If everyone does their
part, names will be allocated very quickly.

Thanks, Eugene
Eugene Teo / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]