lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAA7vvKk1GVEHhZ6SmMyeDTsecdZS7kGbhM+2o97LTWeGVmaRhg@mail.gmail.com>
Date: Wed, 18 Mar 2015 21:26:13 -0700
From: Peter Adkins <peter.adkins@...nelpicnic.net>
To: James Hooker <seidrhrafn@...glemail.com>
Cc: XiaopengZhang <tfrist@...h.net>,
	"cve-assign@...re.org" <cve-assign@...re.org>, fulldisclosure@...lists.org
Subject: Re: [FD] Regarding how can I request a CVE number?

I've encountered a similar issue earlier this year.

I'm in the same boat with regards to wondering whether there was a
problem with content / submission - despite following the supplied
guidelines - or whether the delay in response is due to workload and
prioritization.

Initially I had responses to requests for CVE assignments from Mitre
after around 12 days. However, after replying with the requested
information it went dark, and I haven't heard back since. I've sent a
few follow-ups, but I've just passed the two month mark with no
response, dismissal or assignment.

Just chiming in with my recent experience as I'd definitely be
interested in hearing whether this is more wide spread, or whether
there have been changes to the 'cve-assign' process?

Regards,
Peter Adkins

On Wed, Mar 18, 2015 at 3:32 AM, James Hooker <seidrhrafn@...glemail.com> wrote:
> Hi XZ,
>
> I managed to get a number of CVEs last year, but towards the end of the
> year they simply stopped replying, so I've given up. Whether they stopped
> replying due to work load, or whether my submissions were not up to their
> requirements I'm not sure.
>
> If you find out any more, I'd be interested in knowing why they've stopped
> assigning CVEs to certain submission sources.
>
> Kind regards,
> James H
>
> On Tue, Mar 17, 2015 at 11:25 PM, XiaopengZhang <tfrist@...h.net> wrote:
>
>> Hi Guys,
>>
>> I discovered several Vuls and have reported them to the vendors, so I'd
>> like to request the CVE for them.(The vendor did not want to request CVE)
>>
>> I ever sent some emails to cve-assign@...re.org for applying for CVE.
>> But so far still nobody replys them. I dont know what happend about this
>> email box.
>> Is my email recognised as spam? Or do I need write the email content in a
>> special format?
>>
>> So please, can somebody here help me?
>> Thanks
>>
>> Best wishes,
>> XZ
>>
>> _______________________________________________
>> Sent through the Full Disclosure mailing list
>> https://nmap.org/mailman/listinfo/fulldisclosure
>> Web Archives & RSS: http://seclists.org/fulldisclosure/
>>
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ