This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Streamlining CVE assignment for glibc
- From: Florian Weimer <fweimer at redhat dot com>
- To: Roland McGrath <roland at hack dot frob dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Fri, 2 Oct 2015 20:15:58 +0200
- Subject: Re: Streamlining CVE assignment for glibc
- Authentication-results: sourceware.org; auth=none
- References: <560E423D dot 1020106 at redhat dot com> <20151002180644 dot 171C62C3B6D at topped-with-meat dot com>
On 10/02/2015 08:06 PM, Roland McGrath wrote:
> Please write it all up on the glibc wiki.
Which aspect? The relevant parts of the CVE assignment process are
covered here:
<https://sourceware.org/glibc/wiki/Security%20Process>
I just added hyperlinks to <http://cve.mitre.org/about/>. The inner
workings of CVE assignment are less relevant unless glibc becomes an
independent CNA, but I really don't see a reason for that.
Or do you need a reason why we are doing this?
Florian