oss-sec mailing list archives

Re: Security bug report read-protected

From: Andreas Stieger <astieger () suse com>
Date: Fri, 9 Jun 2017 15:50:07 +0200

Hello


On 06/09/2017 01:49 AM, Qhdwns123 wrote:

If you are reporting bugs to the bugzilla site,
When an anonymous user accesses the page, the following message is displayed and access is blocked.
"You are not authorized to access bug #632521. To see this bug, you must first log in to an account with the 
appropriate permissions"
As far as I know, when you request a CVE, you need to create an accessible reference address for anonymous users.


I do not think this is correct. The CVE request needs to only contain
the minimum information required to identify the issue and assign a CVE.
A bug tracker reference needs to be unique and a permanent identifier,
not necessarily publicly readable at the time of the report.

Andreas

-- 

Andreas Stieger <astieger () suse com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)

Current thread:

Security bug report read-protected Qhdwns123 (Jun 09)
- Re: Security bug report read-protected Johannes Bauer (Jun 09)
- Re: Security bug report read-protected Andreas Stieger (Jun 09)