Hi! On Mon, Jan 16, 2017 at 11:30:50AM +0800, Marina Glancy wrote: > Hello Salvatore, > apologies for not replying earlier, I was away on holidays.
Alright, apologies for prodding you a second time in that short timeframe! > I was told by the CVE team that I have to use the online form to update > information about the issues. On 10 November 2016 I have sent a request to > update an existing CVE for the CVE-2016-9186. I have received an automated > reply "CVE Request 260788 for Update Published CVE". I don't see any > changes on the page > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9186 following my > request to update though. I was not aware of 9187 and 9188, I can request > update again but now I'm not even sure this form works. > > I also use this form to notify about publishing CVE. For example, the last > issue I notified about was CVE-2016-8644 on the 21 November 2016 ( > https://moodle.org/mod/forum/discuss.php?d=343277 ) but the page > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8644 still does not > display any information about the issue. > > Please advise me what is the correct way to update information on CVEs > and/or notify about the publishing. Below is the email that I have received > from c...@mitre.org in the end of October in reply to my request to update > information about CVE 2016-7919. Actually the above is right, the form is now the right way to ask for CVEs (if the issue is not yet public, if the issue is public, one can go as well via oss-security mailinglist), or to have CVE items updated. Maybe Daniel can share some insights if your request went lost. Thanks for your work! Regards, Salvatore
