Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181003202140.GH25942@hunt>
Date: Wed, 3 Oct 2018 13:21:40 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Subject: Re: arm64 Linux kernel: Privilege escalation by
 taking control of the KVM hypervisor

On Wed, Oct 03, 2018 at 08:57:05AM +0200, Florian Weimer wrote:
> > On Tue, Oct 02, 2018 at 05:07:14PM +0100, Will Deacon wrote:
> >> There has not yet been a CVE requested for this (mainly because I don't know
> >> how to do it).
> >
> > Please use https://cveform.mitre.org/ thanks.
> 
> Would DFW work as well?
> 
>   <https://github.com/distributedweaknessfiling/cvelist>
> 
> I'm asking because the Rust people tried to get an ID from there, but
> apparently never got a reply.

In my experience the MITRE form is significantly more reliable and faster
mechanism than the DWF form.

I realize this is perhaps a chicken-and-egg problem, where DWF might not
be fast until they get enough traffic that they have to be fast, but MITRE
is fast *today*, so any individual CVE requestor is probably better suited
to use MITRE.

Thanks

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.