CNA scope conflict improvement #6612

Kevin-CB · 2023-08-14T08:15:19Z

We recently had a misunderstanding regarding the assignment of CVEs when there's a scope conflict with another CNA.
(see SECURITY-3141)

daniel-beck · 2023-08-14T09:50:44Z

Disagree. We still handled it by coordinating with the other CNA, we just didn't assign it ourselves. This exists because we need maintainers not to go run off themselves and have CVEs assigned.

Kevin-CB · 2023-08-14T10:05:48Z

content/security/for-maintainers.adoc

 .. Work usually happens on a branch, and a corresponding pull request will be used for review.
 . A *date and time of the release is coordinated* between the security team and maintainers.
-  The security team handles CVE ID assignment, advance notification of users, and creation of the security advisory.
+  The security team handles CVE ID assignment (in cases where there is no CNA scope conflict), advance notification of users, and creation of the security advisory.


We still handled it by coordinating with the other CNA, we just didn't assign it ourselves.

Do you prefer an approach like this one ,or do you think it should not be mentioned?

Suggested change

The security team handles CVE ID assignment (in cases where there is no CNA scope conflict), advance notification of users, and creation of the security advisory.

The security team handles CVE ID assignment (assignment may require coordination with another CNA in case of a scope conflict), advance notification of users, and creation of the security advisory.

CNA scope conflict improvement

4b7bc9f

Kevin-CB requested a review from a team as a code owner August 14, 2023 08:15

infra-ci-jenkins-io bot deployed to preview August 14, 2023 08:24 View deployment

Kevin-CB commented Aug 14, 2023

View reviewed changes

Merge branch 'master' into CNA-scope-conflict

3b19a45

infra-ci-jenkins-io bot deployed to preview April 26, 2024 02:54 View deployment

infra-ci-jenkins-io bot deployed to preview July 30, 2024 19:03 View deployment

infra-ci-jenkins-io bot deployed to preview August 1, 2024 09:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 1, 2024 13:22 View deployment

infra-ci-jenkins-io bot deployed to preview August 1, 2024 17:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 5, 2024 07:22 View deployment

infra-ci-jenkins-io bot deployed to preview August 5, 2024 21:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 6, 2024 11:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 7, 2024 13:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 7, 2024 15:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 7, 2024 19:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 7, 2024 21:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 8, 2024 19:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 12, 2024 05:22 View deployment

infra-ci-jenkins-io bot deployed to preview August 13, 2024 14:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 19, 2024 04:22 View deployment

infra-ci-jenkins-io bot deployed to preview August 19, 2024 15:51 View deployment

infra-ci-jenkins-io bot deployed to preview August 20, 2024 15:51 View deployment

infra-ci-jenkins-io bot deployed to preview August 20, 2024 19:51 View deployment

infra-ci-jenkins-io bot deployed to preview August 21, 2024 14:22 View deployment

infra-ci-jenkins-io bot deployed to preview August 21, 2024 16:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 22, 2024 14:52 View deployment

infra-ci-jenkins-io bot deployed to preview August 22, 2024 22:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 23, 2024 00:21 View deployment

infra-ci-jenkins-io bot deployed to preview July 24, 2025 16:13 View deployment

infra-ci-jenkins-io bot deployed to preview July 27, 2025 22:21 View deployment

infra-ci-jenkins-io bot deployed to preview July 28, 2025 12:52 View deployment

infra-ci-jenkins-io bot deployed to preview July 28, 2025 14:51 View deployment

infra-ci-jenkins-io bot deployed to preview July 29, 2025 15:03 View deployment

infra-ci-jenkins-io bot deployed to preview July 30, 2025 19:50 View deployment

infra-ci-jenkins-io bot deployed to preview July 31, 2025 21:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 4, 2025 05:20 View deployment

infra-ci-jenkins-io bot deployed to preview August 4, 2025 09:21 View deployment

infra-ci-jenkins-io bot had a problem deploying to preview August 4, 2025 17:22 Failure

infra-ci-jenkins-io bot deployed to preview August 4, 2025 19:22 View deployment

infra-ci-jenkins-io bot deployed to preview August 5, 2025 15:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 6, 2025 19:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 7, 2025 21:52 View deployment

infra-ci-jenkins-io bot deployed to preview August 8, 2025 15:52 View deployment

infra-ci-jenkins-io bot deployed to preview August 8, 2025 17:51 View deployment

infra-ci-jenkins-io bot deployed to preview August 8, 2025 23:51 View deployment

infra-ci-jenkins-io bot deployed to preview August 9, 2025 07:59 View deployment

infra-ci-jenkins-io bot deployed to preview August 11, 2025 03:51 View deployment

infra-ci-jenkins-io bot deployed to preview August 11, 2025 16:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 12, 2025 14:20 View deployment

infra-ci-jenkins-io bot deployed to preview August 14, 2025 08:14 View deployment

infra-ci-jenkins-io bot deployed to preview August 15, 2025 10:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 15, 2025 12:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 15, 2025 18:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 18, 2025 04:20 View deployment

infra-ci-jenkins-io bot deployed to preview August 18, 2025 10:21 View deployment

infra-ci-jenkins-io bot deployed to preview August 18, 2025 12:20 View deployment

infra-ci-jenkins-io bot deployed to preview August 19, 2025 13:50 View deployment

infra-ci-jenkins-io bot deployed to preview August 20, 2025 12:52 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

CNA scope conflict improvement #6612

CNA scope conflict improvement #6612

Uh oh!

Kevin-CB commented Aug 14, 2023 •

edited

Loading

Uh oh!

daniel-beck commented Aug 14, 2023 •

edited

Loading

Uh oh!

Kevin-CB Aug 14, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

	The security team handles CVE ID assignment (in cases where there is no CNA scope conflict), advance notification of users, and creation of the security advisory.
	The security team handles CVE ID assignment (assignment may require coordination with another CNA in case of a scope conflict), advance notification of users, and creation of the security advisory.

Uh oh!

CNA scope conflict improvement #6612

Are you sure you want to change the base?

CNA scope conflict improvement #6612

Uh oh!

Conversation

Kevin-CB commented Aug 14, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

daniel-beck commented Aug 14, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Kevin-CB Aug 14, 2023

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Kevin-CB commented Aug 14, 2023 •

edited

Loading

daniel-beck commented Aug 14, 2023 •

edited

Loading