daniel:// stenberg://5d ago

a CVE dispute. What a great system.

https://daniel.haxx.se/blog/2026/06/24/a-cve-dispute/

a CVE dispute

A few years years ago the curl project signed up and became a CNA. This means that we are masters of and can allocate our own CVE identifiers. For any security problems within our territory, it is we who decides if the issue should get a CVE our not. No more bogus CVEs. 57 CVEs ā€¦ Continue reading a CVE dispute ā†’

daniel.haxx.se
Show threadMark Esler5d ago

@bagder would nominating https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat as your CNA's root help avoid MITRE?

MITRE sits above other roots, but if the processes flows to Pete's group first it might squelch the noise https://www.cve.org/programorganization/Structure

Show threaddaniel:// stenberg://
@eslerm our root is Red Hat already. I don't know why MITRE was involved here
Jun 24 at 10:36pmWeb
Show threadMark Esler5d ago
@bagder šŸ˜”
Show threadClickyMcTicker5d ago

@bagder @eslerm Perhaps they pitched a fit to Red Hat & appealed it up to MITRE. Iā€™m not familiar with the process, but this seems like the type of person to use it. They had an AI find the bug and write the report, then went back to it to seek validation. Meanwhile, their AI entirely missed the invalid DNS issue. Meanwhile, I brought the same URL to ChatGPT and it pointed out the invalidity immediately.

AI is rotting brains.