Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza

[Salvatore Bonaccorso <carnil () debian org>]

Hi Sam,

On Mon, Dec 12, 2016 at 10:40:16AM -0600, Sam Whited wrote:
> Oops, I got the autoreply about not using this list to request CVEs
> after sending that message; now I'm a bit more confused about the
> current procedure; please advise.

Almost sure the autoreply came not from oss-security, but from the
cve-assign () mitre org. But the autoreply should contain a note like:

> [...]
> In the special case of communications involving a publicly known
> vulnerability on the oss-security mailing list, please do not use
> the https://cveform.mitre.org web site at this time, and instead
> send new or followup messages directly to that mailing list. (If
> your message pertains to a topic on the oss-security mailing list,
> and you are receiving an auto-response from the cve-assign () mitre org
> address, then you can ignore that auto-response.)

Was this the case?

HTH,

Regards,
Salvatore