Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#20383 closed defect (implemented)

Create a Tor-specific vulnerabilty enumeration scheme

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: TorCoreTeam201610
Cc: mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We've been bad at reliably getting CVE numbers for stuff, but it's still useful for packages to have a "this security issue got fixed by that thing" cross reference. So let's make our own. We can even match them up to bug numbers and CVE numbers if we want: they aren't mutually exclusive.

Right now I like TROVE: Tor Registry Of Vulnerabilities and Exposures . Any objection?

If not, I am allocating TROVE-2016-001.

Child Tickets

Change History (4)

comment:1 Changed 3 years ago by nickm

https://trac.torproject.org/projects/tor/wiki/TROVE is a work in progress. Let's try this process and see how we like it.

comment:2 Changed 3 years ago by mcs

Cc: mcs added

comment:3 Changed 3 years ago by nickm

Resolution: implemented
Status: newclosed

(Done)

comment:4 Changed 3 years ago by nickm

Keywords: TorCoreTeam201610 added
Note: See TracTickets for help on using tickets.