Re: What does it mean for a vulnerability to be retired?
- From: "George A. Theall" <theall@xxxxxxxxxxxx>
- Date: Fri, 21 Dec 2007 13:28:42 -0500
On Dec 21, 2007, at 1:11 PM, Terra Frost wrote:
<http://www.securityfocus.com/bid/26885> is an example of a
vulnerability whose status has been changed to RETIRED. My question
is.. what, exactly, does that mean?
The meaning varies. In this case, it means that SecurityFocus believes the issue was bogus, which is what they say under the Discussion section:
http://www.securityfocus.com/bid/26885/discuss
[As an aside, retiring this was probably a mistake -- there is definitely an issue with WordPress as subsequent discussions on the Bugtraq mailing list have shown.]
In other cases, SecurityFocus might mark an BID as retired because they have split out the issues into separate BIDs, as they did recently with BID 26929, for various issues in Adobe's Flash Player plugin.
George
--
theall@xxxxxxxxxxxx
- References:
- What does it mean for a vulnerability to be retired?
- From: Terra Frost
- What does it mean for a vulnerability to be retired?
- Prev by Date: What does it mean for a vulnerability to be retired?
- Next by Date: Re: What does it mean for a vulnerability to be retired?
- Previous by thread: What does it mean for a vulnerability to be retired?
- Next by thread: Re: What does it mean for a vulnerability to be retired?
- Index(es):
Relevant Pages
|
