[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: CVE Request for KIO/kmail
From:       Richard Moore <rich () kde ! org>
Date:       2014-06-15 20:32:54
Message-ID: CAMp7mVvLktg7XZbJp3a=3BTO12RWJ_2U09v9VsSUbCsP4UVUkw () mail ! gmail ! com
[Download RAW message or body]


On 15 June 2014 19:29, Yves-Alexis Perez <corsac@debian.org> wrote:

> On dim., 2014-06-15 at 16:55 +0100, Richard Moore wrote:
> > In the past when I've tried to use the cve-assign address it has
> basically
> > been a black hole. Since then I've either asked redhat or one of the
> other
> > OSS vendors for a CVE. I've used the distros@vs.openwall.org now as a
> > fallback.
> >
> > I'd also note as part of the meta discussion that I'm not going to
> release
> > details of vulnerabilities to a public list  before the fix, and just
> > because someone asks for more details doesn't mean I will provide them.
>
> May I ask why you're writing to the public oss-sec list instead of the
> private distros one, then?
>

Yep, that's obviously a mistake on my part. It's the address I had noted
for CVE requests.

Rich.


[prev in list] [next in list] [prev in thread] [next in thread]