Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20150618121721.7DCB47BC098@smtpvmsrv1.mitre.org>
Date: Thu, 18 Jun 2015 08:17:21 -0400 (EDT)
From: cve-assign@...re.org
To: thoger@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, kaplanlior@...il.com, security@....net
Subject: Re: CVE Request: various issues in PHP

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> same reporter, same type, same affected (released)
> versions, and the same PHP extension

Vulnerabilities with different disclosure dates aren't merged. (This
doesn't mean that we would want to have separate CVEs for a
developer's efforts to completely fix one type of problem in a single
piece of code, before any changes were in a release, even if the
efforts took a while. However, even in the case of a single piece of
code, multiple CVEs can occur if there is a CVE assignment at a time
when development work seems finished, and then this work continues.)

> issue affecting different module of the code base
> is not a typical reason for split.

"different module" would be relevant if it were known that the code in
one module was originally introduced in one version, and this was not
the same version as for the other code.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVgrW7AAoJEKllVAevmvmsUz4H/0sh6svZ2GQV4/docwDrfdZA
JVV7P8NFja6XlKMQsGDvSrsollGjA2TZf7y7D56mXIjK6hv57tS5bzTcH2ofQSfY
Au0IOyM+/MDu8pnt1pXAyBvYbwaMQOvZRFMA96imL46/KPwnKPUACrnXfu6BpXU4
u186I9Na+8RKc47yajjg3ddUjTl1aMGjXXbEXK1c9XtnKjU1zk7Gd0HCRqcMRW6b
+4ojMyyPigXNbPXb1YtFUS3BZ25p7jLVzNHvaBeKEddJuHtyyq7lHZbAYDbi0Ykb
K7h1uCtg9XpzkRvEQnJzBEFCsgEMQs9PURNhWd2S+wVSCzSL+AxgPm0a/hbpZ5o=
=QwlQ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.