lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 28 Apr 2011 18:42:13 +0300
From: Henri Salo <henri@...v.fi>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Requesting/Reserving CVE Question

On Thu, Apr 28, 2011 at 09:14:57AM -0600, ctruncer@...istophertruncer.com wrote:
> Hello all,
> 
> First off, if this isn't the place to ask this question, I apologize, and
> feel free to ignore this e-mail.  
> 
> I've found a couple vulnerabilities in a web forum/portal/etc. product
> called IP.Board.  I was looking to reserve a CVE number, and I attempted to
> contact the address Mitre lists for reserving one, however, it's been
> nearly a month and I have not received anything back from them.  This is
> the first vulnerability I have found, and have never requested/reserved a
> CVE before, so I am a little unfamiliar with the process (although based
> off of the following website, it looks like all I need to do is send an
> e-mail to them - http://cve.mitre.org/cve/obtain_id.html).  
> 
> I've sent follow up e-mails and I've received no response.  What my
> question to you all is how long does this process take?  Is there something
> else that should be done, or someone else the request should be sent to? 
> What's time normal time frame from requesting a CVE number to hearing back
> from them?
> 
> Thanks for any help/info/advice.  I appreciate it.
> 
> Chris

No luck. With open-source you could have tried:
http://oss-security.openwall.org/wiki/mailing-lists/oss-security

Best regards,
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ