[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DWF CVE ID Descriptive Content

To: "Coffin, Chris" <ccoffin@mitre.org>
Subject: Re: DWF CVE ID Descriptive Content
From: Kurt Seifried <kseifried@redhat.com>
Date: Thu, 6 Oct 2016 11:22:46 -0600
Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=redhat.com;mitre.org; dkim=none (message not signed) header.d=none;
Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Delivery-date: Thu Oct 6 16:10:51 2016
In-reply-to: <MWHPR09MB14852A53B86AEE4A5031D3FFA1C70@MWHPR09MB1485.namprd09.prod.outlook.com>
List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
References: <MWHPR09MB14852A53B86AEE4A5031D3FFA1C70@MWHPR09MB1485.namprd09.prod.outlook.com>
Sender: <owner-cve-editorial-board-list@lists.mitre.org>
Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
Spamdiagnosticoutput: 1:2

One note:

I just had anagawat@fb.com accept the CVE Terms of Use, but he requested the CVE as anagawat+cve@fb.com email alias. I don't want us to have to get into the realms of email address normalization (+foo, dots in gmail addresses, etc.). So I'm going to update the DWF Database to reflect the correct email, and in future the confirmation of acceptance of MITRE CVE ToU will contain a GUID so I can say with certainty for example that the email was sent to foo@example.org and despite coming back "from" something@example.org it is indeed legitimate for foo@example.org.

On Thu, Oct 6, 2016 at 11:02 AM, Coffin, Chris <ccoffin@mitre.org> wrote:

All,

As we discussed in the board call yesterday, we have turned on the descriptive content within the DWF CNA data stream. An example of a complete DWF-assigned and populated CVE ID is referenced below.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000000

The descriptive content for these CVE IDs is authored by DWF CNA. As such, the descriptive content can look quite a bit different from the content traditionally developed by MITRE. Please let us know if you have any suggestions or concerns, and we will work with the DWF CNA as appropriate.

The complete list of populated DWF CVE IDs is as follows:

CVE-2015-1000000

CVE-2015-1000001

CVE-2015-1000002

CVE-2015-1000003

CVE-2015-1000004

CVE-2015-1000005

CVE-2015-1000006

CVE-2015-1000007

CVE-2015-1000008

CVE-2015-1000009

CVE-2015-1000010

CVE-2015-1000011

CVE-2015-1000012

CVE-2015-1000013

CVE-2016-1000000

CVE-2016-1000009

CVE-2016-1000014

CVE-2016-1000217

Chris Coffin

The CVE Team

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Follow-Ups:
- RE: DWF CVE ID Descriptive Content
  - From: "Coffin, Chris" <ccoffin@mitre.org>

References:
- DWF CVE ID Descriptive Content
  - From: "Coffin, Chris" <ccoffin@mitre.org>

Prev by Date: DWF CVE ID Descriptive Content
Next by Date: RE: DWF CVE ID Descriptive Content
Previous by thread: DWF CVE ID Descriptive Content
Next by thread: RE: DWF CVE ID Descriptive Content
Index(es):
- Date
- Thread