[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20110429063052.GC4031@suse.de>
Date: Fri, 29 Apr 2011 08:30:52 +0200
From: Marcus Meissner <meissner@...e.de>
To: Henri Salo <henri@...v.fi>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Requesting/Reserving CVE Question
On Thu, Apr 28, 2011 at 06:42:13PM +0300, Henri Salo wrote:
> On Thu, Apr 28, 2011 at 09:14:57AM -0600, ctruncer@...istophertruncer.com wrote:
> > Hello all,
> >
> > First off, if this isn't the place to ask this question, I apologize, and
> > feel free to ignore this e-mail.
> >
> > I've found a couple vulnerabilities in a web forum/portal/etc. product
> > called IP.Board. I was looking to reserve a CVE number, and I attempted to
> > contact the address Mitre lists for reserving one, however, it's been
> > nearly a month and I have not received anything back from them. This is
> > the first vulnerability I have found, and have never requested/reserved a
> > CVE before, so I am a little unfamiliar with the process (although based
> > off of the following website, it looks like all I need to do is send an
> > e-mail to them - http://cve.mitre.org/cve/obtain_id.html).
> >
> > I've sent follow up e-mails and I've received no response. What my
> > question to you all is how long does this process take? Is there something
> > else that should be done, or someone else the request should be sent to?
> > What's time normal time frame from requesting a CVE number to hearing back
> > from them?
> >
> > Thanks for any help/info/advice. I appreciate it.
> >
> > Chris
>
> No luck. With open-source you could have tried:
> http://oss-security.openwall.org/wiki/mailing-lists/oss-security
The oss-security list only handles opensource software, which IP.Board does not appear to be.
As for Mitre, just resend the e-mail, they usually answer at some point in time.
(They seem to be overworked, so its not just you.)
A simple e-mail requesting one as explained in obtain_id.html should work.
Ciao, Marcus
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists