Dear Bram, Could you please let me know if you consider every Vim bug report on Huntr.dev a security issue? Should Huntr.dev be assigning a CVE to every bug report?
Thank you, Mark Esler On Tuesday, December 13, 2022 at 1:01:39 AM UTC-6 Mark Esler wrote: > Hi all, > > There are some bugs on huntr that are labeled as "This vulnerability will > not receive a CVE", but then later receive a CVE. (e.g., > https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921/ ) > > Bugs that are not security issues should not receive CVEs. Some of the > text on huntr's website makes it feel that they treat all *bug* reports as > (security) vulnerabilities. > > Is this intentional? > > (earlier I did a quick check and ~half of the bugs were receiving CVEs. > Huge thanks to Bram for handling all of these and making concise patches > that include tests.) > > Thank you, > Mark Esler > > -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/vim_dev/109944ff-9c9a-4ba5-aa00-50f0f80931ean%40googlegroups.com.
