oss-security - why many CVEs are ** RESERVED ** on Mitre

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <4ae03741-1f12-9c3b-6243-35f3aa24e67d@enea.com>
Date: Wed, 14 Dec 2016 09:44:52 +0100
From: Sona Sarmadi <sona.sarmadi@...a.com>
To: <oss-security@...ts.openwall.com>
CC: <cve-assign@...re.org>
Subject: why many CVEs are ** RESERVED ** on Mitre

Hi again,

Does anyone know why Mitre lists many CVEs ** RESERVED ** while they are
public (e.g. curl CVEs below)?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615

https://curl.haxx.se/docs/security.html:

CVE-2016-8615
CVE-2016-8616
CVE-2016-8617
CVE-2016-8618
CVE-2016-8619
CVE-2016-8620
CVE-2016-8621
CVE-2016-8622
CVE-2016-8623
CVE-2016-8624
CVE-2016-8625

Shouldn't Mitre follow a process and update the page after CVEs have
been made public e.g. by upstream project? Or perhaps there is another
reason for these CVEs not to be updated?

Best,
---------------------------------------
Sona Sarmadi
Security Responsible for Enea Linux



Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.