Home page logo

oss-sec logo oss-sec mailing list archives

Re: Strange CVE situation (at least one ID should come of this)
From: Josh Bressers <bressers () redhat com>
Date: Fri, 2 Nov 2012 07:55:44 -0400 (EDT)

That's not the same as a generic "don't use this."  For this
CVE-2012-2400, there is a specific advisory from a specific vendor
telling customers to patch a vulnerability.  It's "unspecified" all over
the place due to lack of details, so risk analysis is problematic, but
it's a statement of some kind of vulnerability in a specific version by an
authoritative source.

Oracle and HP publish advisories like this on a regular basis.

This isn't meant to be a troll, it's a legitimate question.

So if someone publishes an advisory stating "I have found a number of
security flaws in product X." Would that get the same sort of CVE ID?

I of course don't approve of such advisories, my curiosity is academic.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]