Message-ID: <Pine.GSO.4.51.0802251052120.8463@faron.mitre.org>
Date: Mon, 25 Feb 2008 10:56:12 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Josh Bressers <bressers@...hat.com>
cc: oss-security@...ts.openwall.com,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Help (CVE request for mysql bug #22413)


FYI, I'm not on oss-security or vendor-sec.  I don't necessarily see a
need to be subscribed to them either, although it would be convenient.


On Thu, 21 Feb 2008, Josh Bressers wrote:

> I think this is a good opportunity to ask you how we can use this list to
> make your life easier.  Perhaps it's worth thinking about ways some of the
> subscribed CNAs can dish out CVE ids to reduce your load a little bit for
> these public issues that obviously lack a proper id.

I'd think that if it's a technically-public issue that probably hasn't
made it into the "mainstream" yet, then some CNA who gets our "CVENEW"
notifications could possibly assign ID's.  I'm thinking things like
updates to upstream packages that aren't in a lot of distros, or a bug ID
that isn't marked clearly as having security implications.  However, we
would also need to be notified if a CVE was assigned, to further reduce
the risk of duplication.

- Steve
