CVE for upcoming ODBC issue in Shibboleth SP

[Ferenc Wágner]

"Cantor, Scott" <cantor.2 at osu.edu> writes:

>> I asked the Debian Security Team to allocate a CVE ID for the
>> upcoming issue. They only do that for yet-undisclosed issues, so the
>> timing is a bit tight, though; we'll see.
>
> If you think tomorrow is likely, I can hold the release. I'm building
> the packages now but I can re-hide the directory once that's done this
> afternoon and just wait on the CVE.

No, do not hold back, I got word that they can allocate CVE IDs for
Debian-specific issues only and we should ask MITRE directly or use the
Red Hat CNA.  Or maybe simply ask your reporter to get an ID after all.
You can also add that to the advisory later.
-- 
Feri.