lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 29 Apr 2011 08:30:52 +0200
From: Marcus Meissner <meissner@...e.de>
To: Henri Salo <henri@...v.fi>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Requesting/Reserving CVE Question

On Thu, Apr 28, 2011 at 06:42:13PM +0300, Henri Salo wrote:
> On Thu, Apr 28, 2011 at 09:14:57AM -0600, ctruncer@...istophertruncer.com wrote:
> > Hello all,
> > 
> > First off, if this isn't the place to ask this question, I apologize, and
> > feel free to ignore this e-mail.  
> > 
> > I've found a couple vulnerabilities in a web forum/portal/etc. product
> > called IP.Board.  I was looking to reserve a CVE number, and I attempted to
> > contact the address Mitre lists for reserving one, however, it's been
> > nearly a month and I have not received anything back from them.  This is
> > the first vulnerability I have found, and have never requested/reserved a
> > CVE before, so I am a little unfamiliar with the process (although based
> > off of the following website, it looks like all I need to do is send an
> > e-mail to them - http://cve.mitre.org/cve/obtain_id.html).  
> > 
> > I've sent follow up e-mails and I've received no response.  What my
> > question to you all is how long does this process take?  Is there something
> > else that should be done, or someone else the request should be sent to? 
> > What's time normal time frame from requesting a CVE number to hearing back
> > from them?
> > 
> > Thanks for any help/info/advice.  I appreciate it.
> > 
> > Chris
> 
> No luck. With open-source you could have tried:
> http://oss-security.openwall.org/wiki/mailing-lists/oss-security

The oss-security list only handles opensource software, which IP.Board does not appear to be.

As for Mitre, just resend the e-mail, they usually answer at some point in time.
(They seem to be overworked, so its not just you.)

A simple e-mail requesting one as explained in obtain_id.html should work.

Ciao, Marcus

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ