Greetings, You are following the correct process to make requests for CVE. The CVE Request form is the best method to request updates, new CVE IDs, or submit questions.
I apologize for the delay in publishing your updates. The Content Team is actively working through our backlog of CVE requests, and your request is among those within the backlog. I will ask the Content Team to make your updates as soon as possible. Please let me know if you have any questions. Thanks. -Dan _________________________ Daniel Adinolfi, CISSP Lead Cybersecurity Engineer, The MITRE Corporation CVE Communications and CNA Coordinator Email: <dadino...@mitre.org> Phone: 781-271-5774 From: Salvatore Bonaccorso <salvatore.bonacco...@gmail.com> on behalf of Salvatore Bonaccorso <car...@debian.org> Date: Monday, January 16, 2017 at 06:14 To: Marina Glancy <mar...@moodle.com> Cc: Dan Poltawski <talkto...@gmail.com>, "851...@bugs.debian.org" <851...@bugs.debian.org>, Moritz Muehlenhoff <j...@debian.org>, "Adinolfi, Daniel R" <dadino...@mitre.org> Subject: Re: Bug#851405: [moodle-packaging] Bug#851405: CVE-2016-9186 CVE-2016-9187 CVE-2016-9188 Hi! On Mon, Jan 16, 2017 at 11:30:50AM +0800, Marina Glancy wrote: Hello Salvatore, apologies for not replying earlier, I was away on holidays. Alright, apologies for prodding you a second time in that short timeframe! I was told by the CVE team that I have to use the online form to update information about the issues. On 10 November 2016 I have sent a request to update an existing CVE for the CVE-2016-9186. I have received an automated reply "CVE Request 260788 for Update Published CVE". I don't see any changes on the page https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9186 following my request to update though. I was not aware of 9187 and 9188, I can request update again but now I'm not even sure this form works. I also use this form to notify about publishing CVE. For example, the last issue I notified about was CVE-2016-8644 on the 21 November 2016 ( https://moodle.org/mod/forum/discuss.php?d=343277 ) but the page https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8644 still does not display any information about the issue. Please advise me what is the correct way to update information on CVEs and/or notify about the publishing. Below is the email that I have received from c...@mitre.org<mailto:c...@mitre.org> in the end of October in reply to my request to update information about CVE 2016-7919. Actually the above is right, the form is now the right way to ask for CVEs (if the issue is not yet public, if the issue is public, one can go as well via oss-security mailinglist), or to have CVE items updated. Maybe Daniel can share some insights if your request went lost. Thanks for your work! Regards, Salvatore
