[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Help (CVE request for mysql bug #22413)
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2008-02-25 15:56:12
Message-ID: Pine.GSO.4.51.0802251052120.8463 () faron ! mitre ! org
[Download RAW message or body]


FYI, I'm not on oss-security or vendor-sec.  I don't necessarily see a
need to be subscribed to them either, although it would be convenient.


On Thu, 21 Feb 2008, Josh Bressers wrote:

> I think this is a good opportunity to ask you how we can use this list to
> make your life easier.  Perhaps it's worth thinking about ways some of the
> subscribed CNAs can dish out CVE ids to reduce your load a little bit for
> these public issues that obviously lack a proper id.

I'd think that if it's a technically-public issue that probably hasn't
made it into the "mainstream" yet, then some CNA who gets our "CVENEW"
notifications could possibly assign ID's.  I'm thinking things like
updates to upstream packages that aren't in a lot of distros, or a bug ID
that isn't marked clearly as having security implications.  However, we
would also need to be notified if a CVE was assigned, to further reduce
the risk of duplication.

- Steve
[prev in list] [next in list] [prev in thread] [next in thread]