[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE-2023-43628?
From: |
Gary E. Miller |
Subject: |
Re: CVE-2023-43628? |
Date: |
Tue, 12 Dec 2023 11:53:59 -0800 |
Yo Jon!
On Tue, 12 Dec 2023 07:54:46 -0500
Jon Schlueter <jon.schlueter@gmail.com> wrote:
> What would probably be best is to get any issue resolved with a commit
> referencing that CVE
Too late, the commit was done before the I knew their was going to be
a CVE, and while the issue was "embargoed".
> but also that the feature/bug came in with
> development code since latest release and then a message can be sent
> to get the CVE closed with Note, only impacted development branch and
> this project uses Release tags.
Once again, Cisco, not MITRE. No one is responding to my emails on
closing it.
> Maybe they will close it, maybe not but if there is a commit with
> details and description there is less drama around it.
Except the "disclosure" rules mean the commit has to be made before
the issue is public.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
pgplNwytKpfoP.pgp
Description: OpenPGP digital signature
Re: CVE-2023-43628?, Gary E. Miller, 2023/12/11