Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <339fe63d242a449eafb9b435b3557137@imshyb01.MITRE.ORG>
Date: Wed, 18 Jan 2017 00:54:21 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: jasper: multiple crashes with UBSAN

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> The previous mail clearly state:
>> Timeline:
>> 2016-10-28: bug discovered and reported to upstream

> Why CVE-2017-* ?

The year portion of a CVE ID does not necessarily correspond to a
vulnerability discovery date. To obtain a CVE-2016-* ID, at least one
of the following must be true:

  - the original CVE ID request occurred during 2016

or

  - the original CVE ID request mentioned a specific vulnerability
    reference URL that was a publicly accessible URL before the end of
    2016 (although a Reproducer URL is very useful, we do not consider
    it a vulnerability reference URL)

These criteria were not met, and therefore a CVE-2017-* ID was
assigned, and remains the correct ID.

For the other CVE-2017-* numbers associated with similar timelines,
the CVE-2017-* number remains valid. We do not change them to
CVE-2016-* numbers.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYfwJ+AAoJEHb/MwWLVhi2SroQAKl5y+adO9sOb86mXQIznunB
lxZusAsBZ4UzKDw8hzzF+pxPcJoQujEa1Dbr+0TJhJ+LMHvIF9fdqFVTfUk3HizH
yIRWiQtKDLkt3971DzpSPIZOg4af2BhPLwUMW7hToGB94tUKvtdSHEquaRSMZFLF
WDs+hAuLgeF5SzhjC49MDNbUt9Xbn+m79rTBayxvCD3p1CpePJ5cuvPscdLmhvuS
qXNzYdtjRIVf9puO2kEcr+5vt8gSKggWmgUt6hSWsVMCj16wrliGfaUYwvhFqybN
qnNW83aC28xIUpHSrpFQ1LEc5vosOmQJ9Q5uvHfWplbw5BZR0YwZaN7gKyVmS7NB
cpTFGktRwwl0bHEMY+q13Z2Mc/vc67GGw4sBy/A2gGvvn505pWyaCgKK90Wu+93u
ztPYKHguUR/47C6XwMCmJXCLXvZU5zTil7nemw/DZqQ5/fy2v44gef0Fad23lCL0
JU9qw2CJ/1Xh6H6zSlVbeGcoFAanrq4ePOs9yINWl8GpCMJCBgX+WGU7mKbp3L7d
8kWO90F/JkSLDrb52EyTkyqI8npeKSMRybG2tpcyyKzgkAJK9WvcHNvtrVIAro0f
89oxDrNmPv9PIth0Gvr0pyTRlaWN6V40x+GGeIu17gTCoSb0zpJIueydhnJuIhaE
V8c9BHJtVjtdd1LHa9vM
=pEew
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.