On Sat, 2006-05-06 at 11:37 -0400, Josh Bressers wrote: > > Are security issues that don't have a CVE number tracked somewhere? > > Some issues may not have it by the time they're disclosed and I guess > > there are ones that for whatever reason don't have and aren't going to > > get one. If they're tracked in the usual audit/* files, what's the > > preferred format for them? > > Put something along the lines of CVE-NOID as the ID so we know it needs > help (be sure to file a bug so we know what the issue is). Ok, done. > You can mail cve@xxxxxxxxx with pointers at > new security issues and they should assign an ID. Done for the awstats issue, no response yet.
