On 10/30/2012 11:34 AM, Steven M. Christey wrote:>
To have a CVE for "don't use this" is not consistent with
long-existing practice. I don't recall ever intentionally
assigning a CVE for such a thing - after all, CVE is about
vulnerabilities, and "don't use this" is awfully vague.
True, but we've already gone down that road, e.g.:
CVE-2012-2400 Unspecified vulnerability in
wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown
impact and attack vectors.