Re: CVE id request: busybox

[Raphael Geissert <geissert () debian org>]

Hi Kurt,

On 5 March 2013 19:20, Kurt Seifried <kseifried () redhat com> wrote:
> On 03/05/2013 06:30 AM, Raphael Geissert wrote:
> > What can we do about it?
> >
> > We already have a quite long list of issues without a CVE id and
> > this is not good for anybody:
> > https://security-tracker.debian.org/tracker/data/fake-names
>
> So research them and post the requests here, problem solved! It's not
> like I'm unwilling to give out CVEs or something. I simply can't spend
> an hour researching each one.
>
> > (nb. some of the issues in the list might already have an id but
> > the temporary entry hasn't been removed or it was decided that no
> > id should be assigned)
>
> And that's why I'm not going to deal with them myself, it would eat up
> all my time. I need some help here in other words.

Sure thing; I'm not asking you to go through that list. It's just that
it is a kind of indicator that there are potentially quite a number of
issues that aren't being tracked properly.

And thanks for clarifying your position regarding the original sources
of information. I hope that in the future there won't be any such
cases where an id isn't assigned due to miscommunication.

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net