Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:105508
Return-Path: <kaplanlior@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 86042 invoked from network); 29 Apr 2019 17:22:39 -0000
Received: from unknown (HELO mail-io1-f43.google.com) (209.85.166.43)
  by pb1.pair.com with SMTP; 29 Apr 2019 17:22:39 -0000
Received: by mail-io1-f43.google.com with SMTP id m188so9072943ioa.9
        for <internals@lists.php.net>; Mon, 29 Apr 2019 07:24:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=eY5yVV93awniTMHJdY6w5iNvm7q1rbcVm6xt4KpgB6g=;
        b=L5GcLJDSsR8zQr9t4kWCk+a5YKNfSlW89B+JSYXZ3Vv02HZH+h8dH8zWEl+J6Ire0C
         QDGL14kanF4ViqNrrBIfn760K4mRj7jrpEPC5p4qcvIVq/026KDlVqAC5pbtkxjv4N3K
         SXv89RELsZA4WrejVeuLW6KaXDfpeLKp54QYGY07y68/tcSkv42fyFUJqhwA+2k7QTqj
         bjy0x6H6bxy9Ky+8UZ0WSTrwPG+1Ev32UpcP60VolZ1EiQFzXP6HpCENqNnyzIjdt2sk
         jyJCc+8NJ8wZY+cEdQ+e62K3ivnMPKhjNNRT/TeBAKAY7ZW9gw3mHHwwHFtH7u7tyQjp
         ucyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=eY5yVV93awniTMHJdY6w5iNvm7q1rbcVm6xt4KpgB6g=;
        b=HDLebB3S/J3xWgk5UUTDEbWv4+WUVu1VWE39B2XRnQw9BeZ8TsdizpuvYUyjyy4dhA
         vBA4XFMUGhRH6wU/X3ERP76Eh/WKtv5IvpTRtxiVl4kzILNQO1FnGfvVP+Uns+4ROMII
         +sN6sVkEUSyBMIc8FPZOzy07uNZDOv8LdosFcE4Z9yaWnbT85VFPpte/ix5MCCKgsf2+
         yADVrZqEPflCpxGO8zvkuoa/Nsuv9stOpbBoBnt3izQ2UhjGaUGpdkBdV7n0VVZASYvq
         8eYg0qGAPsq5R1FC/OjN6LDss+1oXptytwOIjj/0tQwTQKo42gYjeC1l37ck/xouLoMt
         n2Yw==
X-Gm-Message-State: APjAAAVelwXW4wC4b5aa5AnIImTdiC53RJ8KLBSkKtYEDaYlob53Yhge
	KO5XbQnKREEOXnZ2qxeA+4AqbhvVGwMr/dcPriM=
X-Google-Smtp-Source: APXvYqy9+5nciRlyvFv9/mEuTIqviJ2p/Bpd2t8zJI8cKfvUEFVbSA3R9ZwbW4nNXj9bQwhUcLt+sqxhFX7faYsIJvE=
X-Received: by 2002:a6b:ef08:: with SMTP id k8mr17639641ioh.127.1556547873955;
 Mon, 29 Apr 2019 07:24:33 -0700 (PDT)
MIME-Version: 1.0
References: <b6e24bc1-1494-e8f6-2664-67c09931ea23@gmail.com>
In-Reply-To: <b6e24bc1-1494-e8f6-2664-67c09931ea23@gmail.com>
Date: Mon, 29 Apr 2019 17:24:21 +0300
Message-ID: <CAEsznC4yLtzEGCCM8HUaWh9A+F=c8kw=P_JxGWcG+Onnf+iy3Q@mail.gmail.com>
To: Stanislav Malyshev <smalyshev@gmail.com>
Cc: PHP Internals <internals@lists.php.net>, "security@php.net" <security@php.net>
Content-Type: multipart/alternative; boundary="0000000000001a64fa0587ac0b5c"
Subject: Re: Issuing CVEs for PHP
From: kaplanlior@gmail.com (Lior Kaplan)

--0000000000001a64fa0587ac0b5c
Content-Type: text/plain; charset="UTF-8"

On Mon, Apr 29, 2019 at 6:51 AM Stanislav Malyshev <smalyshev@gmail.com>
wrote:

> Hi!
>
> I have set up PHP as CNA (CVE Identifiers authority) with MITRE. That
> means that we will be assigning our own CVEs from now on. The process in
> broad strokes works like this:
>
> 1. We request a block of numbers
> 2. When we have security bug, we use one of the numbers in the block
> 3. We create CVE descriptions and commit them to the cvelist repo
>
> Much more detailed documentation on how it is done is here:
> https://wiki.php.net/cve
>
> Me please (:

--0000000000001a64fa0587ac0b5c--