Home page logo

oss-sec logo oss-sec mailing list archives

RE: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
From: "Christey, Steven M." <coley () mitre org>
Date: Wed, 20 Mar 2013 14:03:10 +0000

I agree that oss-security is not just for CVE requests (although that's what it feels like sometimes), but duplicate 
CVEs are a pain for everybody.  When posting to oss-security, it's reasonable to say whether CVEs have already been 
requested or not.  There is not a well-established infrastructure or communication channel to closely coordinate CVE 
assignments between MITRE and Kurt.

- Steve

-----Original Message-----
From: Reed Loden [mailto:reed () reedloden com]
Sent: Wednesday, March 20, 2013 5:19 AM
To: oss-security () lists openwall com
Cc: kseifried () redhat com; Henri Salo; larry0 () me com; Christey, Steven M.
Subject: Re: [oss-security] Re: [Red Hat - Possible Forgery] Re: [oss-security]
Ruby CVEs

Hash: SHA1

On Wed, 20 Mar 2013 03:04:30 -0600
Kurt Seifried <kseifried () redhat com> wrote:

Please don't send requests to oss-sec if you already sent a request to
Mitre/anyone else. Also I don't seem to have these in my emails from
Mitre (to VIM list or anywhere else)?

To be fair, this list isn't just for CVE requests... It's for security
issues in open source software[0]. As somebody who relies on this list
and others like it to stay on top of current issues, I definitely
appreciate the notification, even if CVEs have already been assigned. :)


[0] http://oss-security.openwall.org/wiki/mailing-lists/oss-security
Version: GnuPG v1.4.11 (GNU/Linux)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]