Hi Stas Excellent!!
thanks you for taking care of this best, Pierre On Mon, Apr 29, 2019, 10:51 AM Stanislav Malyshev <smalys...@gmail.com> wrote: > Hi! > > I have set up PHP as CNA (CVE Identifiers authority) with MITRE. That > means that we will be assigning our own CVEs from now on. The process in > broad strokes works like this: > > 1. We request a block of numbers > 2. When we have security bug, we use one of the numbers in the block > 3. We create CVE descriptions and commit them to the cvelist repo > > Much more detailed documentation on how it is done is here: > https://wiki.php.net/cve > > So far I am the only one who is registered to commit CVE descriptions to > MITRE upstream repo, but if somebody wants to do it too, I'm sure it can > be arranged. > Note that you can assign CVE to a bug not yet fixed or published in the > open. Please use this capability responsibly and keep the tracking in > https://wiki.php.net/cve . If you are not familiar with the process or > don't want to bother, just put "needed" as CVE number and it will be > taken care of. Please not enter the bug details into the public repo > before the fix is released. > > If you have any questions about this, please ask me. > -- > Stas Malyshev > smalys...@gmail.com >
