Good afternoon,

Thank you for contacting the NVD! While we are able to supply Vendor Comments, they will only appear on the NVD website entry for the CVE. If you are trying to have this type of information proliferated, a more preferable method would be to contact the CVE Assignment Team using the form at https://cveform.mitre.org/ . You should be able to have the reference links added to the official CVE Dictionary this way and could request the CVE description be updated to reflect the patched version as well. Once these changes are made to the CVE Dictionary, they would appear in the NVD database within 24 hours.

To avoid having duplicate data on the CVE, would you be willing to contact the CVE assignment team before we dedicate to assigning Vendor Comments?

V/r,

Christopher Turner
National Vulnerability Database
***@nist.gov<mailto:***@nist.gov>

From: Friedrich Beckmann [mailto:***@gmx.de]
Sent: Wednesday, August 30, 2017 2:47 AM
To: nvd <***@nist.gov>
Cc: Pspp-users <pspp-***@gnu.org>
Subject: CVE-2017-10791 and others - Vendor Comments for Product GNU PSPP

Dear Sirs,

i am a maintainer for the GNU pspp product which is free open source software.

See: https://savannah.gnu.org/project/memberlist.php?group=pspp

I would like to ask you to include the following vendor comments for the following
CVE’s

CVE-2017-10791
CVE-2017-10792

This has been fixed in release 0.11.0. See: https://savannah.gnu.org/forum/forum.php?forum_id=8926

CVE-2017-12958
CVE-2017-12959
CVE-2017-12960
CVE-2017-12961

This has been fixed in release 1.0.1. See: https://savannah.gnu.org/forum/forum.php?forum_id=8936

Regards

Friedrich Beckmann