[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable
From:       Jeffrey Walton <noloader () gmail ! com>
Date:       2020-12-25 2:05:31
Message-ID: CAH8yC8=VXvPCwbSSDv==QPOp7N+j28_9H1E0C+fSC84JbMdHQg () mail ! gmail ! com
[Download RAW message or body]

On Wed, Dec 23, 2020 at 12:21 PM Fabian Keil
<freebsd-listen@fabiankeil.de> wrote:
>
> Fabian Keil <freebsd-listen@fabiankeil.de> wrote on 2020-11-29:
>
> >                Announcing Privoxy 3.0.29 stable
> [...]
> > - Security/Reliability:
> >   - Fixed memory leaks when a response is buffered and the buffer
> >     limit is reached or Privoxy is running out of memory.
> >     Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
>
> I tried to get a CVE for OVE-20201118-0001 by using the
> "new" form at https://cveform.mitre.org/ on 2020-11-18 but
> was told by MITRE that "the reported vulnerabilities would
> fall in the scope of Red Hat for assignment" and that their
> mail should be forwarded to secalert@redhat.com.
> ...

Related, you are not alone. I just tried to use the form at
https://cveform.mitre.org/ to get a CVE for a memory error.

That form is impossible to use. I emailed cve@mitre.org and asked for
the assignment.

Jeff
[prev in list] [next in list] [prev in thread] [next in thread]