Good afternoon, Thank you for contacting the NVD! While we are able to supply Vendor Comments, they will only appear on the NVD website entry for the CVE. If you are trying to have this type of information proliferated, a more preferable method would be to contact the CVE Assignment Team using the form at https://cveform.mitre.org/ . You should be able to have the reference links added to the official CVE Dictionary this way and could request the CVE description be updated to reflect the patched version as well. Once these changes are made to the CVE Dictionary, they would appear in the NVD database within 24 hours.
To avoid having duplicate data on the CVE, would you be willing to contact the CVE assignment team before we dedicate to assigning Vendor Comments? V/r, Christopher Turner National Vulnerability Database n...@nist.gov<mailto:n...@nist.gov> From: Friedrich Beckmann [mailto:friedrich.beckm...@gmx.de] Sent: Wednesday, August 30, 2017 2:47 AM To: nvd <n...@nist.gov> Cc: Pspp-users <pspp-users@gnu.org> Subject: CVE-2017-10791 and others - Vendor Comments for Product GNU PSPP Dear Sirs, i am a maintainer for the GNU pspp product which is free open source software. See: https://savannah.gnu.org/project/memberlist.php?group=pspp I would like to ask you to include the following vendor comments for the following CVE’s CVE-2017-10791 CVE-2017-10792 This has been fixed in release 0.11.0. See: https://savannah.gnu.org/forum/forum.php?forum_id=8926 CVE-2017-12958 CVE-2017-12959 CVE-2017-12960 CVE-2017-12961 This has been fixed in release 1.0.1. See: https://savannah.gnu.org/forum/forum.php?forum_id=8936 Regards Friedrich Beckmann
_______________________________________________ Pspp-users mailing list Pspp-users@gnu.org https://lists.gnu.org/mailman/listinfo/pspp-users
