lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Mar 2015 21:26:13 -0700 From: Peter Adkins <peter.adkins@...nelpicnic.net> To: James Hooker <seidrhrafn@...glemail.com> Cc: XiaopengZhang <tfrist@...h.net>, "cve-assign@...re.org" <cve-assign@...re.org>, fulldisclosure@...lists.org Subject: Re: [FD] Regarding how can I request a CVE number? I've encountered a similar issue earlier this year. I'm in the same boat with regards to wondering whether there was a problem with content / submission - despite following the supplied guidelines - or whether the delay in response is due to workload and prioritization. Initially I had responses to requests for CVE assignments from Mitre after around 12 days. However, after replying with the requested information it went dark, and I haven't heard back since. I've sent a few follow-ups, but I've just passed the two month mark with no response, dismissal or assignment. Just chiming in with my recent experience as I'd definitely be interested in hearing whether this is more wide spread, or whether there have been changes to the 'cve-assign' process? Regards, Peter Adkins On Wed, Mar 18, 2015 at 3:32 AM, James Hooker <seidrhrafn@...glemail.com> wrote: > Hi XZ, > > I managed to get a number of CVEs last year, but towards the end of the > year they simply stopped replying, so I've given up. Whether they stopped > replying due to work load, or whether my submissions were not up to their > requirements I'm not sure. > > If you find out any more, I'd be interested in knowing why they've stopped > assigning CVEs to certain submission sources. > > Kind regards, > James H > > On Tue, Mar 17, 2015 at 11:25 PM, XiaopengZhang <tfrist@...h.net> wrote: > >> Hi Guys, >> >> I discovered several Vuls and have reported them to the vendors, so I'd >> like to request the CVE for them.(The vendor did not want to request CVE) >> >> I ever sent some emails to cve-assign@...re.org for applying for CVE. >> But so far still nobody replys them. I dont know what happend about this >> email box. >> Is my email recognised as spam? Or do I need write the email content in a >> special format? >> >> So please, can somebody here help me? >> Thanks >> >> Best wishes, >> XZ >> >> _______________________________________________ >> Sent through the Full Disclosure mailing list >> https://nmap.org/mailman/listinfo/fulldisclosure >> Web Archives & RSS: http://seclists.org/fulldisclosure/ >> > > _______________________________________________ > Sent through the Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists