|
Message-Id: <201309042308.r84N7wHa001693@linus.mitre.org> Date: Wed, 4 Sep 2013 19:07:58 -0400 (EDT) From: cve-assign@...re.org To: vdanen@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE request: unauthorized host/service views displayed in servicegroup view -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > I think the first question is what constitutes a security flaw -- > once that is defined, then I think what upstream does is irrelevant. > If it's a flaw, it's a flaw. CVE assignment by MITRE doesn't look at flaws in quite that way. If a vendor has developed and released software and then sends us a report that the software had a security-relevant mistake, or violated that vendor's intended security policy, that's usually enough for a CVE. Reports from third parties are viewed much more restrictively. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJSJ7raAAoJEGvefgSNfHMdG6IH/RaOwVRMz+RWNEbF/ofeAWKV mVCfX+dzdvgsl3vr8r2aDL+K7hHV7RMwUial7ioyOCruTvtvBTRfssXcJrcLzLSF zejR2luTtNNzFIVbjc134gDOis9/Xr2dPwheP0RNHBFRI655tnCWt+gIisPhJujz E/FfW67K7up0/c+dDuzgdHfO1n+PG0Us3SdAnQwKGS181agM4flsWL64XXaITFs4 0Xx8l6UPN6G7ybMikJlsUbiLQZ70au6W0eEqTCvuLILbx0oEFRK47cLxGJSn190N lOIh5F1YwVPeZivXjEc0kdFxY+pypc8v1AxXHzQnzwap+wtxsshmgyadqiiiXD8= =5ycL -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.