On Thu, Aug 25, 2011 at 03:52:00PM -0400, [email protected] wrote: > On Thu, 25 Aug 2011 21:35:04 +0300, Georgi Guninski said: > > On Wed, Aug 24, 2011 at 10:45:53AM +0100, Mark J Cox wrote: > > > Use CVE-2011-3192. > > > > why the fuck use this shit? > > So that when two different people issue advisories about it, if they both say > CVE-2011-3192, we know it's the same issue. Otherwise if you got some people > writing about Kingcope's hole with gzip and others writing about Zalewski's > hole with Range: it's hard to tell if they're really the same issue or not. >
ok, there might be some sense in using canonical names, but why chose possibly the worst service available? from their front page: "CVE®" - remember, remember what happened with the securityfocus/bugtraq exploit DB? btw, all the shitty id that should be "used" says: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
