Thank you for contacting the NVD! While we are able to supply Vendor Comments, they will only appear on the NVD website entry for the CVE. If you are trying to have this type of information proliferated, a more preferable method would be to contact the CVE Assignment Team using the form at https://cveform.mitre.org/ . You should be able to have the reference links added to the official CVE Dictionary this way and could request the CVE description be updated to reflect the patched version as well. Once these changes are made to the CVE Dictionary, they would appear in the NVD database within 24 hours.
To avoid having duplicate data on the CVE, would you be willing to contact the CVE assignment team before we dedicate to assigning Vendor Comments?
National Vulnerability Database
From: Friedrich Beckmann [mailto:***@gmx.de]
Sent: Wednesday, August 30, 2017 2:47 AM
To: nvd <***@nist.gov>
Cc: Pspp-users <firstname.lastname@example.org>
Subject: CVE-2017-10791 and others - Vendor Comments for Product GNU PSPP
i am a maintainer for the GNU pspp product which is free open source software.
I would like to ask you to include the following vendor comments for the following
This has been fixed in release 0.11.0. See: https://savannah.gnu.org/forum/forum.php?forum_id=8926
This has been fixed in release 1.0.1. See: https://savannah.gnu.org/forum/forum.php?forum_id=8936