[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE Numbering Authorities (was Re: Upcoming changes for CVE)

On Thu, 1 Oct 2015, jericho wrote:

: Is there an ETA on this? Yet another CNA has stepped up to follow IBM's 
: lead in using the incorrect CVE that is very clearly labeled to be 
: specific to one vendor (CVE-20141-8730), all the while IBM keeps using 
: it in advisory after advisory after several warnings from me, and one 
: from Steve Christey I believe.

Should be CVE-2014-8730, damn typos.

I sent a slightly stern mail to HP's security alert contact, reminding 
them that a) 2014-8730 is not POODLE, but a 'variant of POODLE' 
(something else they got wrong in the advisory), and b) 2014-8730 is 
specific to F5 products, and that they should assign their own CVE 
identifier to cover HP products.

Page Last Updated or Reviewed: October 14, 2015