Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d5e1dd9b9a1e04e4853aacf0722dcb5c@mail.adsl.funky-badger.org>
Date: Fri, 16 Mar 2012 15:54:22 +0000
From: "Adam D. Barratt" <adam@...m-barratt.org.uk>
To: <oss-security@...ts.openwall.com>
Cc: Kurt Seifried <kseifried@...hat.com>, Mark Stanislav
 <mark.stanislav@...il.com>
Subject: Re: CVE Requests

On 16.03.2012 10:26, Andreas Ericsson wrote:
> Those mails are all exemplary requests for CVE id's, ofcourse, but 
> the
> fact that they are all already fixed and released means that 100% of
> the work is already done. At that point, assigning a CVE id is mostly
> useless and is done as a "just for the record" thing.

Whether you consider it useless or not, those are the CVE assignments 
that will happen on the list, aiui.

http://oss-security.openwall.org/wiki/mailing-lists/oss-security 
specifically says: "Public security issues only please. What you say 
here is public for the world to see - keep that in mind. Embargoed 
information is best disclosed to vendor-sec" (which should be updated to 
point at somewhere that actually exists).

Regards,

Adam

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.