Closed
Bug 1080600
Opened 10 years ago
Closed 9 years ago
CVE ID format change: CVE-\d{4}-\d{4} becomes CVE-\d{4}-\d{4,} this year
Categories
(bugzilla.mozilla.org :: Extensions, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: Atoll, Assigned: dkl)
References
Details
Attachments
(1 file)
611 bytes,
patch
|
dylan
:
review+
|
Details | Diff | Splinter Review |
https://cve.mitre.org/cve/identifiers/syntaxchange.html They haven't *yet* reached CVE-2014-10000, but if they don't, they promise to release a five-digit CVE at the beginning of 2015. Interestingly, "There is no limit on the number of arbitrary digits. Leading 0’s will only be used in IDs 1 to 999, as shown in column one below." So these CVEs would need to match: CVE-2014-0001 CVE-2014-9999 CVE-2014-10000 CVE-2014-99999 CVE-2014-100000 CVE-2014-999999 CVE-2014-1000000 CVE-2014-9999999 And these would be invalid: CVE-2014-00001 CVE-2014-099999 CVE-2014-0123456 Which sounds more like this than my simplified subject: CVE-\d{4}-(?:\d{4}|[1-9]\d{4,6})(?!\d)
As of the time of filing this bug, only the first row of CVE IDs get highlighting (0001 and 9999), which makes it useful as a test case (the four rows of valid IDs should be highlighted, the three rows of invalid should not.)
Assignee | ||
Comment 2•10 years ago
|
||
Comment 3•10 years ago
|
||
Comment on attachment 8502540 [details] [diff] [review] 1080600_1.patch Review of attachment 8502540 [details] [diff] [review]: ----------------------------------------------------------------- this looks like an efficient regex in Regexp::Debugger.
Attachment #8502540 -
Flags: review?(dylan) → review+
Assignee | ||
Comment 4•10 years ago
|
||
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git 75e5744..1f84551 master -> master
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
OS: Mac OS X → All
Hardware: x86 → All
Resolution: --- → FIXED
Comment 5•9 years ago
|
||
This is incorrect.... New CVE-ID Syntax The new CVE-ID syntax is variable length and includes: CVE prefix + Year + Arbitrary Digits So, either CVE-\d{4}-(0\d{3}|[1-9]\d{3,}) or CVE-\d{4}-\d{4,}
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: CVE ID format change: CVE-\d{4}-\d{4} becomes CVE-\d{4}-\d{4,7} this year → CVE ID format change: CVE-\d{4}-\d{4} becomes CVE-\d{4}-\d{4,} this year
(In reply to Reed Loden [:reed] from comment #5) > This is incorrect.... reopening a r/f bug isn't useful; i've created bug 1117599 to track this change.
Status: REOPENED → RESOLVED
Closed: 10 years ago → 9 years ago
Resolution: --- → FIXED
Updated•5 years ago
|
Component: Extensions: BMO → Extensions
You need to log in
before you can comment on or make changes to this bug.
Description
•