Re: [oss-security] CVE Requests

From: Adam D. Barratt <adam_at_nospam>
Date: Fri Mar 16 2012 - 15:54:22 GMT
To: <oss-security@lists.openwall.com>

On 16.03.2012 10:26, Andreas Ericsson wrote:
> Those mails are all exemplary requests for CVE id's, ofcourse, but
> the
> fact that they are all already fixed and released means that 100% of
> the work is already done. At that point, assigning a CVE id is mostly
> useless and is done as a "just for the record" thing.

Whether you consider it useless or not, those are the CVE assignments
that will happen on the list, aiui.

http://oss-security.openwall.org/wiki/mailing-lists/oss-security
specifically says: "Public security issues only please. What you say
here is public for the world to see - keep that in mind. Embargoed
information is best disclosed to vendor-sec" (which should be updated to
point at somewhere that actually exists).

Regards,

Adam

This message: [ Message body ]
Next message: Mark Stanislav: "Re: [oss-security] CVE Requests"
Previous message: Solar Designer: "Re: [oss-security] CVE Requests"
In reply to: Andreas Ericsson: "Re: [oss-security] CVE Requests"
Next in thread: Mark Stanislav: "Re: [oss-security] CVE Requests"
Reply: Mark Stanislav: "Re: [oss-security] CVE Requests"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]