oss-sec mailing list archives

Re: issue with stuck Mitre CVE requests

From: Mark Esler <mark.esler () canonical com>
Date: Sat, 25 Jan 2025 01:24:36 +0000

On Wed, Jan 22, 2025 at 03:18:10PM +0100, Johannes Segitz wrote:

We're not empowered to do this. We are a CNA for code that we own (e.g.
zypper), but not for arbitrary open source projects.


The text of SUSE's scope [0] is similar to Canonical's [1]. We
understand "All Canonical issues (including Ubuntu Linux) only" as
including all software we distribute. It does not require us to be the
author of that code.

Mark

[0] https://www.cve.org/PartnerInformation/ListofPartners/partner/canonical
[1] https://www.cve.org/PartnerInformation/ListofPartners/partner/suse

Attachment: signature.asc
Description:

Current thread:

issue with stuck Mitre CVE requests Matthias Gerstner (Jan 22)
- Re: issue with stuck Mitre CVE requests Greg KH (Jan 22)
  - Re: issue with stuck Mitre CVE requests Johannes Segitz (Jan 22)
    - Re: issue with stuck Mitre CVE requests Mark Esler (Jan 24)
    - Re: issue with stuck Mitre CVE requests Johannes Segitz (Jan 27)
    - Re: issue with stuck Mitre CVE requests Pete Allor (Jan 27)
  - Re: issue with stuck Mitre CVE requests Pedro Sampaio (Jan 22)
- Re: issue with stuck Mitre CVE requests Matthias Gerstner (Jan 23)
  - Re: issue with stuck Mitre CVE requests Pete Allor (Jan 23)