Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20160301184339.B62C3ABC04A@smtpvmsrv1.mitre.org>
Date: Tue,  1 Mar 2016 13:43:39 -0500 (EST)
From: cve-assign@...re.org
To: kseifried@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE's for SSLv2 support

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> much like we would for products supporting DES or other known insecure
> cryptographic algorithms, hashes, digests and protocols?

It's unclear what the word "we" means here. If Red Hat at some point
wrote code that ships in a Red Hat product and, upon internal review,
Red Hat discovers that it supports (for example) DES, then Red Hat can
choose to assign a CVE ID if Red Hat is announcing a required security
update to remove DES for reasons of Red Hat policy or perceived
expectations of Red Hat customers.

MITRE does not assign CVE IDs to track whether the universe of
products has similar or dissimilar time scales in adapting to
technology changes.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJW1eJFAAoJEL54rhJi8gl5XpEP/2WyAGm+dz+xLncacnp1fnOr
iBa0db4eAkxG52l4kUO0Z01/xJD95LvdGiBTOBlfFJ9BUubVIoNvKRq3FrDzB2+s
VxuJSEpgD++Y5SW9TmpUs/BinM/SgUZdj03z2d74V15IB60s+p4WdszG+zrKt0Pq
YmPIouVAq3Fzb+ovCvGs0kjNuLmMWI3OntH6xWM+OHdNLbwzhSihbIP4BzolBnm5
dLnLmQdrElD8nXrVWqfHIPOBvaiz297jYBEFT6dztbfdTR5GreS/GqgAS4qiBwl+
ZTnqVdVBNx7pbEzkMJcFZznm7HKS7lTegiRq32BC5sLXbppDEUy0eNZIArkpeVCr
Pb2QNGrt6xF0ueRmyO/FyestW1dV3a77ry8xjY9trozB6yvOf+WR7t40x/Ovt13U
oEARKy7m3P/f2nV6gnfvtBhrEq8fm0VCVQiEZaXk6fs5NUHCC72ex0ewq3qBAc4o
lvP4O1fqLQYf4gtSZz46raR0Tear6m3kn3rJEEznNwP562v4cL1vrxnX2bn5z9Ad
t81pUaILikYB7Ft5+/+pdE/kcVR7m4B6NPq6JojXU7ECZjydgpZcGk16ILVlNTar
UNY1Okh+QOg5Y5weCeMzpTQD4CsXUyLJuDu2tmaLvPKBu8x+dnsBoVt9Lbstefbr
qRfdvYK+lXat94W+DxPh
=QGDB
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.