From oss-security  Sun Jun 15 20:32:54 2014
From: Richard Moore <rich () kde ! org>
Date: Sun, 15 Jun 2014 20:32:54 +0000
To: oss-security
Subject: Re: [oss-security] Re: CVE Request for KIO/kmail
Message-Id: <CAMp7mVvLktg7XZbJp3a=3BTO12RWJ_2U09v9VsSUbCsP4UVUkw () mail ! gmail ! com>
X-MARC-Message: https://marc.info/?l=oss-security&m=140286439625514
MIME-Version: 1
Content-Type: multipart/mixed; boundary="--047d7bf161f8b51bb404fbe5d02e"

--047d7bf161f8b51bb404fbe5d02e
Content-Type: text/plain; charset=ISO-8859-1

On 15 June 2014 19:29, Yves-Alexis Perez <corsac@debian.org> wrote:

> On dim., 2014-06-15 at 16:55 +0100, Richard Moore wrote:
> > In the past when I've tried to use the cve-assign address it has
> basically
> > been a black hole. Since then I've either asked redhat or one of the
> other
> > OSS vendors for a CVE. I've used the distros@vs.openwall.org now as a
> > fallback.
> >
> > I'd also note as part of the meta discussion that I'm not going to
> release
> > details of vulnerabilities to a public list  before the fix, and just
> > because someone asks for more details doesn't mean I will provide them.
>
> May I ask why you're writing to the public oss-sec list instead of the
> private distros one, then?
>

Yep, that's obviously a mistake on my part. It's the address I had noted
for CVE requests.

Rich.

--047d7bf161f8b51bb404fbe5d02e--