Re: [Full-disclosure] Requesting/Reserving CVE Question

[Henri Salo <henri@xxxxxxx>]

On Thu, Apr 28, 2011 at 09:14:57AM -0600, ctruncer@xxxxxxxxxxxxxxxxxxxxxx wrote:
> Hello all,
> 
> First off, if this isn't the place to ask this question, I apologize, and
> feel free to ignore this e-mail.  
> 
> I've found a couple vulnerabilities in a web forum/portal/etc. product
> called IP.Board.  I was looking to reserve a CVE number, and I attempted to
> contact the address Mitre lists for reserving one, however, it's been
> nearly a month and I have not received anything back from them.  This is
> the first vulnerability I have found, and have never requested/reserved a
> CVE before, so I am a little unfamiliar with the process (although based
> off of the following website, it looks like all I need to do is send an
> e-mail to them - http://cve.mitre.org/cve/obtain_id.html).  
> 
> I've sent follow up e-mails and I've received no response.  What my
> question to you all is how long does this process take?  Is there something
> else that should be done, or someone else the request should be sent to? 
> What's time normal time frame from requesting a CVE number to hearing back
> from them?
> 
> Thanks for any help/info/advice.  I appreciate it.
> 
> Chris

No luck. With open-source you could have tried:
http://oss-security.openwall.org/wiki/mailing-lists/oss-security

Best regards,
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/