(lwn.net)

277 points jwilk | 1 comments | 25 Jun 25 19:36 UTC | HN request time: 0.272s | source

Show context

kstrauser ◴[25 Jun 25 22:52 UTC] No.44382528[source]▶

> It includes a request for Wellnhofer to provide a CVE number for the vulnerability and provide information about an expected patch date.

“Three.”

“Like, the number 3? As in, 1, 2, …?”

“Yes. If you’re expecting me to pick, this will be CVE-3.”

1. viraptor ◴[26 Jun 25 14:19 UTC] No.44387688[source]▶

The project doesn't have to provide one though. The person reporting it can handle it if they care. It's ok to say "I'm not interested in those".

Libxml2's "no security embargoes" policy