[VIM] 267 Missing CVE in Jan, 2013 - please assign
kseifried at redhat.com
Wed Mar 20 14:03:13 CDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 03/20/2013 12:31 PM, Brian Martin wrote:
> OSVDB has currently 757 vulnerabilities for Jan 2013. Of these, 267
> do not have CVE identifiers.
> For your convenience, you can use the following URL to quickly
> list them, along with the OSVDB ID. Please feel free to use our
> references and don't hesitate to ask questions!
> Brian OSVDB.org
Apologies if the following questions have been asked/answered before,
I've only been on the VIM list for a few days now. I appreciate what
osvdb does, it's a thankless task and a ton of work. However I have
How have you confirmed that no cve is assigned? E.g. a quick look and
I see at least one for which I assigned CVEs publicly:
Piwik Multiple Unspecified XSS
I assigned the CVEs here:
based on the same url as you
(http://piwik.org/blog/2013/01/piwik-1-10/). So I can't simply use
this list to assign CVE's for the Open Source stuff since it is
incorrect (e.g. stuff for which you say no CVE is assigned do have
CVE's assigned). I also don't have the time to confirm a CVE was not
assigned through some other method (e.g. via Mitre/etc.).
Also for the vendor stuff like Apple/Adobe/Google where that vendor is
a CNA have you reached out to them to confirm no CVE is assigned
and/or get a CVE assigned as needed?
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the VIM