On Wed, 2024-08-14 at 15:55 -0500, Mark Esler wrote: > MITRE is not required to assign CVEs. > > It is always best to work with upstream (if possible). MITRE is more > likely to respond if upstream replies to your email ticket ACKing the > CVE request. Otherwise, you may want to ask Red Hat's CNA to assign a > CVE [0].
Thanks, with some off-list help from Red Hat and MITRE I was able to get this resolved and CVE-2024-43199 has been published.
