Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20161214152757.trz2hsav4mpjyoph@eldamar.local>
Date: Wed, 14 Dec 2016 16:27:57 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: Re: CVE Request: MCabber: remote attackers can
 modify the roster and intercept messages via a crafted roster-push IQ stanza

Hi Sam,

On Mon, Dec 12, 2016 at 10:40:16AM -0600, Sam Whited wrote:
> Oops, I got the autoreply about not using this list to request CVEs
> after sending that message; now I'm a bit more confused about the
> current procedure; please advise.

Almost sure the autoreply came not from oss-security, but from the
cve-assign@...re.org. But the autoreply should contain a note like:

> [...]
> In the special case of communications involving a publicly known
> vulnerability on the oss-security mailing list, please do not use
> the https://cveform.mitre.org web site at this time, and instead
> send new or followup messages directly to that mailing list. (If
> your message pertains to a topic on the oss-security mailing list,
> and you are receiving an auto-response from the cve-assign@...re.org
> address, then you can ignore that auto-response.)

Was this the case?

HTH,

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.