Bug#850728: security-tracker: DSA-3756-1 vs. tracker
It is indeed valid. It is not uncommon for the mitre list to take some time to catch up. The CVE ids are blocked to various CNAs leading to the 5000s being currently assigned.
The discussion where the the CVE is assigned is here:
The ref for CVE ids and CNAs is here:
HPE Linux Security, Hewlett Packard Enterprise
From: Francesco Poli [mailto:firstname.lastname@example.org]
Sent: Monday, January 09, 2017 11:14 AM
To: Debian Bug Tracking System <email@example.com>
Subject: Bug#850728: security-tracker: DSA-3756-1 vs. tracker
DSA-3756-1  claims to talk about CVE-2017-5208 , but the CVE official list seems to know nothing about it .
Actually, have *so many* vulnerabilities been already indexed in the just started year 2017 ?!?
Is this a typo? Which is the correct CVE number?
Please clarify and fix the tracker data, as appropriate.
Thanks for your time!