[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TECH] Duplicate candidates - which one should be preferred?



Since 2001-0145 is already cross-referenced in other advisories, and
there is just a little more detail in that entry, it would make
correlation efforts easier all the way around.  I there should be some
reference that it absorbed/replaced 2000-0756, and 2000-0746 should
reflect it was absorbed by 2001-0145.

Pascal Meunier wrote:
>
> Yes, I think we should keep CAN-2001-0145 to become the CVE number, and have CAN-2000-0756 and CAN(CVE)-2001-0145 doubly linked with an explicit notice "These are the same vulnerabilities."
>
> I think that this is an acceptable price to pay for a reduced lag time, if it happens only a few times per year.
>
> Cheers,
> Pascal
>
> At 11:36 PM -0500 2/27/01, Steven M. Christey wrote:
> ...
> >The guidelines suggest that CAN-2001-0145 would be promoted instead of
> >CAN-2000-0756.  So, is that reasonable?
> >
> >- Steve

--
 ------------------------------------------------------------
 David W. Baker                            bakerd@mitre.org
 Lead INFOSEC Engineer
 G023 - Secure Information Technology      (703) 883-3658
 The MITRE Corporation                     (703) 883-4589 (F)
 Mailstop W435                             (877) 682-0632 (P)
 1820 Dolley Madison Blvd                  McLean, VA, 22102
 ------------------------------------------------------------
 "Cyberspace. A consensual hallucination experienced daily by
 billions of legitimate operators, in every nation, by
 children being taught mathematical concepts... A graphic
 representation of data abstracted from the banks of every
 computer in the human system.  Unthinkable complexity.  Lines
 of light ranged in the nonspace of the mind, clusters and
 constellations of data.  Like city lights, receding..."
 - William Gibson, "Neuromancer"

 "640K ought to be enough for anybody." - Bill Gates, 1981
 -------------------------------------------------------------

Page Last Updated or Reviewed: May 22, 2007