Mailinglist Archive: opensuse-packaging (174 mails)

[opensuse-packaging] Fwd: [devel] CVE Syntax Change
  • From: Sascha Peilicke <speilicke@xxxxxxxx>
  • Date: Wed, 13 Nov 2013 12:23:21 +0100
  • Message-id: <5993025.FABfOFUyaX@os>

--
Sascha Peilicke
SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 16746 (AG Nürnberg)
--- Begin Message ---
  • From: Alexander Bergmann <abergmann@xxxxxxxx>
  • Date: Wed, 13 Nov 2013 11:40:33 +0100
  • Message-id: <20131113104033.GB16737@surtsey.monkey.lab>
Dear colleagues,

here's a heads-up from the Security Team on the upcoming Common
Vulnerabilities and Exposures (CVE) format expansion.

With the increasing number of discovered security problems the current
fixed format of CVE-YYYY-NNNN (9999 IDs per year) is reaching its limit.
Therefore, starting with January the 1st of 2014, a new syntax for CVE
identifiers will be introduced. The new format will have a minimum of 4
digits as it is right now, but will have no maximum. The capacity is
simply expanded with another digit if needed.

Old Syntax (Fixed 4-Digit Examples) [1]
CVE-1999-0067
CVE-2005-4873
CVE-2012-0158

New Syntax (Arbitrary Digits Examples) [1]
CVE-2014-0001
CVE-2014-12345
CVE-2014-7654321


ACTION: Please check if you have any software that is using or parsing
CVE numbers and verify that the arbitrary digit lengths are working.


Official statement and description from MITRE:
http://cve.mitre.org/cve/identifiers/syntaxchange.html
[1] http://cve.mitre.org/cve/identifiers/cve-ids.html


With kind regards,
Alex

--
Alexander Bergmann <abergmann@xxxxxxxx>
Security Software Engineer
SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 16746 (AG Nürnberg)

--- End Message ---
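
The check requested in the message above, as an added example that is not part of the original mail or of any SUSE tooling: it compares a fixed 4-digit CVE pattern with one that accepts four or more digits, and shows numeric sorting of the new IDs. All function and variable names are assumptions, and the sample text is constructed from the IDs quoted in the message.

```python
import re

# Legacy pattern: assumes exactly four digits in the sequence part.
# Without a trailing boundary it silently truncates longer IDs.
LEGACY = re.compile(r"CVE-\d{4}-\d{4}", re.ASCII)
# Legacy pattern with word boundaries: longer IDs are dropped entirely.
LEGACY_ANCHORED = re.compile(r"\bCVE-\d{4}-\d{4}\b", re.ASCII)
# Updated pattern: minimum of four digits, no maximum.
CURRENT = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.ASCII)


def extract(pattern, text):
    """Return every CVE ID the given pattern finds in text, in order."""
    return [m.group(0) for m in pattern.finditer(text)]


def sort_key(cve_id):
    """Sort key (year, sequence) as integers; string order breaks at 5+ digits."""
    m = CURRENT.fullmatch(cve_id)
    if m is None:
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    return int(m.group(1)), int(m.group(2))


def audit(text):
    """Return the IDs in text that the legacy pattern truncates or misses."""
    legacy_hits = set(extract(LEGACY, text))
    return [cve for cve in extract(CURRENT, text) if cve not in legacy_hits]


# Constructed sample input using the IDs from the message.
SAMPLE = ("Fixes CVE-2012-0158, CVE-2014-0001, "
          "CVE-2014-12345 and CVE-2014-7654321.")

if __name__ == "__main__":
    print("legacy:         ", extract(LEGACY, SAMPLE))
    print("legacy anchored:", extract(LEGACY_ANCHORED, SAMPLE))
    print("current:        ", extract(CURRENT, SAMPLE))
    print("mishandled:     ", audit(SAMPLE))
    ids = ["CVE-2014-12345", "CVE-2014-0001", "CVE-2014-9999"]
    print("string sort:    ", sorted(ids))
    print("numeric sort:   ", sorted(ids, key=sort_key))
```

The unanchored legacy pattern is the more dangerous failure: it reports a valid-looking but wrong identifier instead of failing visibly.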