[ecd-pmc] CVE Request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[ecd-pmc] CVE Request

From: Wayne Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Dec 2019 12:59:54 -0500
Delivered-to: ecd-pmc@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/ecd-pmc>
List-help: <mailto:ecd-pmc-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/ecd-pmc>, <mailto:ecd-pmc-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/ecd-pmc>, <mailto:ecd-pmc-request@eclipse.org?subject=unsubscribe>

Greetings PMC. I require your assistance.

Please see Bug 551596. This bug, which is currently marked "committers-only", describes a vulnerability (the 90 day window for disclosure is approaching). That vulnerability has been patched by the project team, but requests from the reporter to have the vulnerability disclosed as a CVE have no response. I believe that the project team may require some assistance. I've provided some generic guidance, but without detailed knowledge of the problem, it's difficult for me to be more specific.

The handbook provides guidance regarding how to actually engage.

https://www.eclipse.org/projects/handbook/#vulnerability-cve

Thanks for your assistance in this matter.

In a related topic, I believe that having representation of the ECD PMC on the Security Team (so that a member of the PMC will be able to respond to messages regarding ECD projects) would be of incredible value to your community.

Wayne

Wayne Beaton

Director of Open Source Projects | Eclipse Foundation, Inc.

Prev by Date: [ecd-pmc] [CQ 21306] regenerator-runtime 0.13.3
Next by Date: [ecd-pmc] [CQ 21309] xterm-addon-fit 0.3.0
Previous by thread: [ecd-pmc] [CQ 21306] regenerator-runtime 0.13.3
Next by thread: [ecd-pmc] [CQ 21309] xterm-addon-fit 0.3.0
Index(es):
- Date
- Thread

Breadcrumbs