Discussion:
CVE-2017-10791 and others - Vendor Comments for Product GNU PSPP
(too old to reply)
Friedrich Beckmann
2017-08-30 06:46:39 UTC
Permalink
Dear Sirs,

i am a maintainer for the GNU pspp product which is free open source software.

See: https://savannah.gnu.org/project/memberlist.php?group=pspp <https://savannah.gnu.org/project/memberlist.php?group=pspp>

I would like to ask you to include the following vendor comments for the following
CVE’s

CVE-2017-10791
CVE-2017-10792

This has been fixed in release 0.11.0. See: https://savannah.gnu.org/forum/forum.php?forum_id=8926 <https://savannah.gnu.org/forum/forum.php?forum_id=8926>

CVE-2017-12958
CVE-2017-12959
CVE-2017-12960
CVE-2017-12961

This has been fixed in release 1.0.1. See: https://savannah.gnu.org/forum/forum.php?forum_id=8936 <https://savannah.gnu.org/forum/forum.php?forum_id=8936>

Regards

Friedrich Beckmann
Turner, Christopher A. (Ctr)
2017-08-31 18:17:40 UTC
Permalink
Good afternoon,

Thank you for contacting the NVD! While we are able to supply Vendor Comments, they will only appear on the NVD website entry for the CVE. If you are trying to have this type of information proliferated, a more preferable method would be to contact the CVE Assignment Team using the form at https://cveform.mitre.org/ . You should be able to have the reference links added to the official CVE Dictionary this way and could request the CVE description be updated to reflect the patched version as well. Once these changes are made to the CVE Dictionary, they would appear in the NVD database within 24 hours.

To avoid having duplicate data on the CVE, would you be willing to contact the CVE assignment team before we dedicate to assigning Vendor Comments?

V/r,

Christopher Turner
National Vulnerability Database
***@nist.gov<mailto:***@nist.gov>

From: Friedrich Beckmann [mailto:***@gmx.de]
Sent: Wednesday, August 30, 2017 2:47 AM
To: nvd <***@nist.gov>
Cc: Pspp-users <pspp-***@gnu.org>
Subject: CVE-2017-10791 and others - Vendor Comments for Product GNU PSPP

Dear Sirs,

i am a maintainer for the GNU pspp product which is free open source software.

See: https://savannah.gnu.org/project/memberlist.php?group=pspp

I would like to ask you to include the following vendor comments for the following
CVE’s

CVE-2017-10791
CVE-2017-10792

This has been fixed in release 0.11.0. See: https://savannah.gnu.org/forum/forum.php?forum_id=8926

CVE-2017-12958
CVE-2017-12959
CVE-2017-12960
CVE-2017-12961

This has been fixed in release 1.0.1. See: https://savannah.gnu.org/forum/forum.php?forum_id=8936

Regards

Friedrich Beckmann
Ben Pfaff
2017-09-01 14:43:26 UTC
Permalink
I've now submitted requests to MITRE for updates.
Post by Turner, Christopher A. (Ctr)
Good afternoon,
Thank you for contacting the NVD! While we are able to supply Vendor Comments, they will only appear on the NVD website entry for the CVE. If you are trying to have this type of information proliferated, a more preferable method would be to contact the CVE Assignment Team using the form at https://cveform.mitre.org/ . You should be able to have the reference links added to the official CVE Dictionary this way and could request the CVE description be updated to reflect the patched version as well. Once these changes are made to the CVE Dictionary, they would appear in the NVD database within 24 hours.
To avoid having duplicate data on the CVE, would you be willing to contact the CVE assignment team before we dedicate to assigning Vendor Comments?
V/r,
Christopher Turner
National Vulnerability Database
Sent: Wednesday, August 30, 2017 2:47 AM
Subject: CVE-2017-10791 and others - Vendor Comments for Product GNU PSPP
Dear Sirs,
i am a maintainer for the GNU pspp product which is free open source software.
See: https://savannah.gnu.org/project/memberlist.php?group=pspp
I would like to ask you to include the following vendor comments for the following
CVE’s
CVE-2017-10791
CVE-2017-10792
This has been fixed in release 0.11.0. See: https://savannah.gnu.org/forum/forum.php?forum_id=8926
CVE-2017-12958
CVE-2017-12959
CVE-2017-12960
CVE-2017-12961
This has been fixed in release 1.0.1. See: https://savannah.gnu.org/forum/forum.php?forum_id=8936
Regards
Friedrich Beckmann
_______________________________________________
Pspp-users mailing list
https://lists.gnu.org/mailman/listinfo/pspp-users
Continue reading on narkive:
Loading...