cve
Differences
This shows you the differences between two versions of the page.
cve [2019/04/29 03:43] – stas | cve [2019/04/29 06:37] – Clarified that unreachable code might be vulnerable, but since it's de facto unreachable, it's not subject to exploitation until being made reachable. It should still be marked as a security issue, just not issued a CVE. bishop | ||
---|---|---|---|
Line 12: | Line 12: | ||
- Read the issues and ensure the vulnerability needs a CVE. Refer to https:// | - Read the issues and ensure the vulnerability needs a CVE. Refer to https:// | ||
* What usually needs a CVE: an issue where remote user gets to read what is not supposed to be read, write what is not supposed to be written, crash what is not supp... you get the idea. | * What usually needs a CVE: an issue where remote user gets to read what is not supposed to be read, write what is not supposed to be written, crash what is not supp... you get the idea. | ||
- | * What usually does not need a CVE: configuration issues, security enhancements not linked to a specific vulnerability, | + | * What usually does not need a CVE: configuration issues, security enhancements not linked to a specific vulnerability, |
- Take first item from the list of unallocated IDs below, and move it to the list of allocated IDs together with the bug ID | - Take first item from the list of unallocated IDs below, and move it to the list of allocated IDs together with the bug ID | ||
- | - If there' | + | - If there' |
- Edit the bug and add CVE id to the issue | - Edit the bug and add CVE id to the issue | ||
- Once the bug is fixed, add the CVE number selected to the bug fix to the release notes (NEWS). | - Once the bug is fixed, add the CVE number selected to the bug fix to the release notes (NEWS). |
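Review bot: the changed "What usually does not need a CVE" bullet has no matching step in the numbered procedure. The edit summary says unreachable vulnerable code "should still be marked as a security issue, just not issued a CVE", but the only bug-tracker instruction in the steps is "Edit the bug and add CVE id to the issue", which covers the CVE path alone. If the bullet does not already say so, add a short clause or a step stating how such an issue is marked in the bug when no CVE is allocated, so that the decision is on record and can be revisited if the code is later made reachable.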
cve.txt · Last modified: 2022/10/24 00:45 by stas