|
Message-ID: <20150325130531.GO2457@openstack.org>
Date: Wed, 25 Mar 2015 13:05:32 +0000
From: Jeremy Stanley <jeremy@...nstack.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE request for OpenStack Compute (nova)
On 2015-03-25 03:13:40 -0400 (-0400), cve-assign@...re.org wrote:
[...]
> Similarly, there's obviously no obligation to send a notification to
> oss-security whenever a potential vulnerability has been evaluated.
Correct, and we don't in those situations. In this case it was
brought to the list by a representative of a Linux distribution
affected by the bug in a release we no longer support upstream,
since they need to implement a fix for it in their product.
--
Jeremy Stanley
Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.